[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #219894 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Dec 2 20:30:52 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, December 2, 2023 8:30:45 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #219894 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 219894

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  1835100        6117         4.0%     8.209.68.216
  1783800        5946         3.9%   47.254.143.210
  1180500        3935         2.6%   47.254.173.222
  1047900        3493         2.3%    47.254.143.85
  1014600        3382         2.2%     132.74.20.45
  1011000        3370         2.2%      8.209.65.37
  1009800        3366         2.2%   47.254.176.249
  1009800        3366         2.2%      8.211.0.126
  1003500        3345         2.2%     8.209.106.54
   994500        3315         2.2%      8.211.0.165

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  3119400       10398         6.8%   128.139.225.245
  1010700        3369         2.2%     51.16.175.215
   673800        2246         1.5%      132.65.44.96
   531300        1771         1.2%    192.114.23.221
   474000        1580         1.0%      128.139.35.5
   465000        1550         1.0%      132.65.44.95
   462900        1543         1.0%     132.72.87.162
   416700        1389         0.9%    128.139.34.240
   251100         837         0.5%    157.240.196.62
   218400         728         0.5%    128.139.200.61

Top-10 Possible Targets by Bytes:
        Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                            128.139.225.245                 3398793000
                      443   128.139.225.245                 2902930500
  132.74.20.45       4500                                   1457922000
  132.74.20.45                                    4500      1457922000
  132.74.20.45                                              1457922000
                     4500     51.16.175.215                 1456486800
                              51.16.175.215       4500      1456486800
                              51.16.175.215                 1456486800
   31.13.84.52        443                                   1123599300
   31.13.84.52                                              1123599300

Further Details:
https://primary.nemo.geant.org/alerts/details/219894/


More information about the Nemo-ddos-list mailing list