[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220273 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 4 01:02:54 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, December 4, 2023 1:02:49 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220273 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220273

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  16407300       54691        11.9%      132.68.74.52
   5691900       18973         4.1%      52.17.98.131
   3956700       13189         2.9%   142.250.180.170
   3595200       11984         2.6%     162.125.69.12
   3580500       11935         2.6%    142.251.209.10
   2882100        9607         2.1%    216.58.204.138
   2513400        8378         1.8%    20.150.125.161
   2195400        7318         1.6%   142.250.180.138
   2097300        6991         1.5%     13.107.136.10
   2077500        6925         1.5%    142.251.209.42

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  106470900      354903        76.9%      192.114.7.10
   64914900      216383        46.9%      192.114.7.91
    5442600       18142         3.9%    132.67.252.201
    4423500       14745         3.2%   128.139.225.245
    4317600       14392         3.1%      132.68.74.52
    3356700       11189         2.4%      132.76.61.53
    3219900       10733         2.3%      192.114.2.38
    2536800        8456         1.8%     132.74.10.101
    2513400        8378         1.8%       132.70.19.4
    2366700        7889         1.7%      132.66.40.71

Top-10 Possible Targets by Bytes:
           Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------------
     132.68.74.52                                     443     23545634700
     132.68.74.52                                             23545634700
                                  192.114.7.10                 6388169700
                                  192.114.7.10         80      6387870000
  142.250.180.170        443                                   5215346400
  142.250.180.170                                              5215346400
                               128.139.225.245                 4993899900
   142.251.209.10        443                                   4949078100
   142.251.209.10                                              4949078100
                         443      192.114.2.38                 4536952200

Further Details:
https://primary.nemo.geant.org/alerts/details/220273/


More information about the Nemo-ddos-list mailing list