[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220827 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Dec 5 12:10:25 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, December 5, 2023 12:10:19 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220827 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220827

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  6982200       23274         2.4%    216.58.205.42
  6327600       21092         2.2%   142.251.209.42
  5503500       18345         1.9%   152.199.21.175
  5251500       17505         1.8%     46.228.144.2
  4653600       15512         1.6%    13.107.136.10
  4127400       13758         1.4%   93.184.221.240
  4010100       13367         1.4%     52.105.28.55
  3505200       11684         1.2%      31.13.84.51
  3261000       10870         1.1%      52.84.45.37
  2963400        9878         1.0%    18.161.97.103

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total          Dst IP
---------------------------------------------------
  118127400      393758        41.4%    192.114.7.10
   79855200      266184        28.0%    192.114.7.91
    8487600       28292         3.0%    132.76.61.54
    7747800       25826         2.7%    132.76.61.53
    6715500       22385         2.4%    132.76.10.41
    5545800       18486         1.9%   128.139.200.4
    5501700       18339         1.9%   128.139.200.5
    4853400       16178         1.7%   192.114.3.241
    3895200       12984         1.4%   132.72.80.116
    3809700       12699         1.3%   192.114.1.109

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  152.199.21.175                                            7553217300
  152.199.21.175         80                                 7405969800
                              128.139.200.4                 7387036200
                        443   128.139.200.4                 7381170600
                              128.139.200.5                 7379233500
                        443   128.139.200.5                 7378783500
                               192.114.7.10         80      7084507200
                               192.114.7.10                 7084507200
    46.228.144.2                                            7067238900
    52.105.28.55        443                                 5710149300

Further Details:
https://primary.nemo.geant.org/alerts/details/220827/


More information about the Nemo-ddos-list mailing list