[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220824 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Dec 5 12:18:19 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, December 5, 2023 12:18:13 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220824 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220824

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  1124100        3747         3.3%      192.114.7.10
  1008000        3360         3.0%    162.243.138.59
   965700        3219         2.8%   185.224.128.184
   783600        2612         2.3%    192.241.198.41
   703800        2346         2.1%     77.90.185.188
   689700        2299         2.0%     77.90.185.189
   685500        2285         2.0%     77.90.185.185
   679500        2265         2.0%     77.90.185.182
   661800        2206         1.9%     77.90.185.183
   654900        2183         1.9%     77.90.185.158

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                                 Dst IP
-------------------------------------------------------------------------
  86940600      289802       255.1%                           192.114.7.10
  54689700      182299       160.4%                           192.114.7.91
    158100         527         0.5%                           132.76.61.53
    119700         399         0.4%                  2a01:b740:a41:60e::10
    116400         388         0.3%                           132.76.61.54
     82800         276         0.2%                            132.64.2.49
     79500         265         0.2%   2001:bf8:200:38f:3ce2:503f:ee68:b8e4
     72900         243         0.2%                           132.70.66.12
     64500         215         0.2%                        192.114.105.254
     62400         208         0.2%                           132.76.10.41

Top-10 Possible Targets by Bytes:
                 Src IP   Src Port                                 Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------------------------------------
                                                             192.114.7.10         80      5216394000
                                                             192.114.7.10                 5216394000
                                                             192.114.7.91                 3281382000
                                                             192.114.7.91         80      3281346000
  2a01:b740:a41:60e::10        443                                                         100170000
  2a01:b740:a41:60e::10                                                        57632       100170000
  2a01:b740:a41:60e::10                                                                    100170000
                               443   2001:bf8:200:38f:3ce2:503f:ee68:b8e4                  100170000
                                     2001:bf8:200:38f:3ce2:503f:ee68:b8e4      57632       100170000
                                     2001:bf8:200:38f:3ce2:503f:ee68:b8e4                  100170000

Further Details:
https://primary.nemo.geant.org/alerts/details/220824/


More information about the Nemo-ddos-list mailing list