China? NSA?
adapt and overcome! Hope all's well
attribution is a waste of time unless you're a fed
IF it's an attack and not misconfiguration/malfunction
IF you've been doing threat intel for a while so you have sets of indicators
IF you get who right (but probably not)
What are you going to do with the data?
Does the traceroute give any insight?
Last 3 hops:
6 los-edge-07.inet.qwest.net (67.14.102.142) 168.005 ms 168.244 ms 167.675 ms
7 65.153.29.222 (65.153.29.222) 163.759 ms 163.936 ms 163.290 ms
8 be53-13.cr5.lax.multacom.com (208.64.231.86) 163.149 ms 167.691 ms 167.706 ms
Without seeing a trace when it was in working order there's a lot of speculation. There could be intermediary infra down or maybe host unreach, TTL exceededs were always filtered from this hop forward.
SPEZ: Here's the last few hops to an adjacent IP:
4 ae-1-3511.edge2.NewYork6.Level3.net (4.69.209.78) 115.987 ms 115.983 ms 115.952 ms
5 CenturyLink-level3-NewYork6.Level3.net (4.68.70.50) 106.641 ms 106.283 ms 111.229 ms
6 los-edge-07.inet.qwest.net (67.14.102.142) 167.924 ms 167.627 ms 167.991 ms
7 65.153.29.222 (65.153.29.222) 163.393 ms 163.468 ms 163.600 ms
8 be53-13.cr5.lax.multacom.com (208.64.231.86) 162.606 ms 162.983 ms 162.892 ms
9 224-125-74-198-dedicated.multacom.com
Looks like the host is unreachable as adjacent IPs 198.74.125.222 and 198.74.125.224 are reachable but not 198.74.125.223 (matrix.donaldsarmy.us)
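
The comparison made in the comment above (a failing trace set against a trace to an adjacent address), as an added example that is not part of the original thread. The traces use constructed documentation-range addresses, and `parse_trace` and `classify` are hypothetical helper names.

```python
import re

# One replying hop per line: "<n> <name> (<ip>) <rtt> ms ..."; "<n> * * *" does not match.
HOP_RE = re.compile(r"^\s*(\d+)\s+\S+\s+\((\d+\.\d+\.\d+\.\d+)\)\s+[\d.]+ ms")

# Constructed sample traces (documentation addresses, not the hosts in the thread).
COMMON = """\
 6 edge-07.example.net (192.0.2.142) 168.005 ms 168.244 ms 167.675 ms
 7 192.0.2.222 (192.0.2.222) 163.759 ms 163.936 ms 163.290 ms
 8 cr5.example.com (198.51.100.86) 163.149 ms 167.691 ms 167.706 ms
"""
TARGET_TRACE = COMMON + " 9 * * *\n10 * * *\n"
NEIGHBOR_TRACE = COMMON + " 9 host-224.example.com (203.0.113.224) 164.102 ms 164.020 ms 163.951 ms\n"

def parse_trace(text):
    """Return the ordered list of (hop_number, ip) for hops that replied."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def classify(target_trace, target_ip, neighbor_trace, neighbor_ip):
    """Compare a failing trace with a trace to an adjacent address."""
    t, n = parse_trace(target_trace), parse_trace(neighbor_trace)
    if not t:
        return "inconclusive: no replies at all"
    if t[-1][1] == target_ip:
        return "target reachable"
    last_hop = t[-1]
    neighbor_ok = bool(n) and n[-1][1] == neighbor_ip
    if neighbor_ok and last_hop in n:
        # Cannot tell a down host from one that silently drops the probes.
        return (f"path intact to hop {last_hop[0]} ({last_hop[1]}); "
                "fault is at the target host or its own filtering")
    if not neighbor_ok and n and n[-1] == last_hop:
        return (f"both traces stop at hop {last_hop[0]}; shared infra down "
                "or replies filtered from this hop forward")
    return "inconclusive: paths differ, a baseline trace is needed"

if __name__ == "__main__":
    print(classify(TARGET_TRACE, "203.0.113.223", NEIGHBOR_TRACE, "203.0.113.224"))
```
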