[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220275 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 4 01:02:53 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, December 4, 2023 1:02:49 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220275 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220275

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  16407300       54691        10.3%      132.68.74.52
   8000400       26668         5.0%      132.74.20.45
   5692800       18976         3.6%      52.17.98.131
   4032000       13440         2.5%   142.250.180.170
   3731400       12438         2.3%    142.251.209.10
   3595200       11984         2.3%     162.125.69.12
   3028800       10096         1.9%    209.85.137.254
   2950200        9834         1.8%    216.58.204.138
   2513400        8378         1.6%    20.150.125.161
   2333100        7777         1.5%   142.250.180.138

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  106479000      354930        66.7%      192.114.7.10
   64937100      216457        40.7%      192.114.7.91
    7997400       26658         5.0%     51.16.175.215
    6648900       22163         4.2%   128.139.225.245
    5442600       18142         3.4%    132.67.252.201
    4317600       14392         2.7%      132.68.74.52
    3356700       11189         2.1%      132.76.61.53
    3212400       10708         2.0%      192.114.2.38
    2536800        8456         1.6%     132.74.10.101
    2513400        8378         1.6%       132.70.19.4

Top-10 Possible Targets by Bytes:
        Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  132.68.74.52                                     443     23545634700
  132.68.74.52                                             23545634700
  132.74.20.45       4500                                  11628771600
  132.74.20.45                                    4500     11628771600
  132.74.20.45                                             11628771600
                     4500     51.16.175.215                11628104400
                              51.16.175.215       4500     11628104400
                              51.16.175.215                11628104400
                            128.139.225.245                 6471432900
                               192.114.7.10                 6388505700

Further Details:
https://primary.nemo.geant.org/alerts/details/220275/


More information about the Nemo-ddos-list mailing list