[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220523 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 4 18:32:22 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, December 4, 2023 6:32:17 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220523 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220523

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  11508900       38363         5.4%    142.251.209.10
  11478900       38263         5.3%     162.125.69.15
   6592800       21976         3.1%    132.77.217.238
   4921800       16406         2.3%    172.233.162.45
   3706200       12354         1.7%       31.13.84.52
   3562500       11875         1.7%     52.97.168.210
   3389100       11297         1.6%    132.64.101.131
   3120900       10403         1.5%   131.156.224.118
   2501100        8337         1.2%    74.112.186.135
   2436000        8120         1.1%    132.64.101.136

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  373993500     1246645       174.1%      192.114.3.10
   17592600       58642         8.2%      132.76.61.54
   16810800       56036         7.8%      132.76.61.53
    9085800       30286         4.2%   128.139.225.245
    6592800       21976         3.1%     54.230.106.83
    3588600       11962         1.7%    132.67.252.201
    3301800       11006         1.5%      132.70.2.148
    3170400       10568         1.5%     128.139.200.4
    3120900       10403         1.5%    132.64.145.251
    3105300       10351         1.4%     128.139.200.5

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                                 192.114.3.10                44840340000
                                 192.114.3.10                44461152000
                                 192.114.3.10                44302752000
                                 132.76.61.53                18028107600
                        443      132.76.61.53                18002705400
   162.125.69.15        443                                  16376702700
   162.125.69.15                                             16376702700
                              128.139.225.245                 9223944300
  132.77.217.238                                     443      9125411100
  132.77.217.238                                              9125411100

Further Details:
https://primary.nemo.geant.org/alerts/details/220523/


More information about the Nemo-ddos-list mailing list