[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220272 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 4 01:02:54 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, December 4, 2023 1:02:49 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220272 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220272

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  5691900       18973        18.0%     52.17.98.131
  1400700        4669         4.4%     192.114.7.91
   821100        2737         2.6%   162.243.151.35
   732000        2440         2.3%    77.90.185.182
   691500        2305         2.2%    77.90.185.188
   689400        2298         2.2%    77.90.185.183
   639900        2133         2.0%    77.90.185.158
   604200        2014         1.9%    77.90.185.191
   601500        2005         1.9%    77.90.185.186
   599100        1997         1.9%    77.90.185.155

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  106457100      354857       335.8%      192.114.7.10
   64880100      216267       204.6%      192.114.7.91
      47100         157         0.1%      132.76.61.53
      35100         117         0.1%       172.67.24.1
      34500         115         0.1%      192.114.1.98
      29100          97         0.1%      132.76.61.54
      19500          65         0.1%   128.139.225.245
      17400          58         0.1%      132.76.61.55
      17400          58         0.1%     84.91.204.214
      13500          45         0.0%     132.65.240.60

Top-10 Possible Targets by Bytes:
          Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                              192.114.7.10         80      6387426000
                              192.114.7.10                 6387426000
                              192.114.7.91                 3892806000
                              192.114.7.91         80      3892770000
    52.17.98.131                                            227683200
    192.114.7.91         80                                  84042000
    192.114.7.91                                             84042000
  162.243.151.35                                 2181        32844000
  162.243.151.35                                             32844000
   77.90.185.182      54319                                  29280000

Further Details:
https://primary.nemo.geant.org/alerts/details/220272/


More information about the Nemo-ddos-list mailing list