[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220833 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Dec 5 12:14:29 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, December 5, 2023 12:14:24 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220833 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220833

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  27779100       92597         9.1%   142.251.209.14
   8398200       27994         2.8%   216.58.204.142
   7194300       23981         2.4%    13.107.136.10
   7063500       23545         2.3%    216.58.205.42
   5301000       17670         1.7%    216.58.209.42
   4889700       16299         1.6%   152.199.21.175
   4494300       14981         1.5%     52.105.28.55
   3725100       12417         1.2%      31.13.84.51
   3656100       12187         1.2%   142.251.209.42
   3564000       11880         1.2%   216.58.204.138

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total           Dst IP
----------------------------------------------------
  177867000      592890        58.4%    192.114.7.161
   51895800      172986        17.1%     192.114.7.91
    9108300       30361         3.0%     132.76.61.54
    8575500       28585         2.8%     132.76.61.53
    6756300       22521         2.2%     132.76.10.41
    6416100       21387         2.1%    192.114.3.241
    5608800       18696         1.8%    128.139.200.5
    4956600       16522         1.6%    128.139.200.4
    3984300       13281         1.3%   132.66.175.226
    3962400       13208         1.3%     132.69.196.3

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  142.251.209.14                                           39361003500
  142.251.209.14        443                                39360953400
  216.58.204.142        443                                11045188200
  216.58.204.142                                           11045188200
                              192.114.7.161         80     10389411600
                              192.114.7.161                10389411600
                        443   128.139.200.5                 7714793400
                              128.139.200.5                 7714793400
  152.199.21.175                                            6909930600
  152.199.21.175         80                                 6816522300

Further Details:
https://primary.nemo.geant.org/alerts/details/220833/


More information about the Nemo-ddos-list mailing list