[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220436 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 4 11:58:16 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, December 4, 2023 11:58:11 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220436 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220436

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
   996600        3322         3.0%      94.102.61.2
   973200        3244         2.9%   192.241.230.57
   750600        2502         2.2%     192.114.7.91
   721500        2405         2.2%    77.90.185.188
   706200        2354         2.1%    77.90.185.185
   698400        2328         2.1%    77.90.185.182
   678900        2263         2.0%   118.123.105.92
   676500        2255         2.0%    77.90.185.183
   665400        2218         2.0%    77.90.185.155
   633900        2113         1.9%    77.90.185.158

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total             Dst IP
-----------------------------------------------------
  66001500      220005       197.7%       192.114.7.10
  62352600      207842       186.7%       192.114.7.91
    129000         430         0.4%       132.76.61.54
    123000         410         0.4%       132.76.61.53
     76800         256         0.2%    192.114.105.246
     66300         221         0.2%    192.114.105.254
     50100         167         0.2%   2620:1ec:8f8::10
     43800         146         0.1%     132.76.214.120
     39300         131         0.1%       192.114.1.98
     32700         109         0.1%        192.114.7.2

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                                 192.114.7.10         80      3960090000
                                 192.114.7.10                 3960090000
                                 192.114.7.91         80      3741156000
                                 192.114.7.91                 3741156000
                              192.114.105.246                   94044600
                        443   192.114.105.246                   94026600
  17.253.122.205        443                                     80463600
  17.253.122.205                                   50487        80463600
  17.253.122.205                                                80463600
                              192.114.105.246      50487        80463600

Further Details:
https://primary.nemo.geant.org/alerts/details/220436/


More information about the Nemo-ddos-list mailing list