[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220824 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Dec 5 12:18:19 IST 2023
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, December 5, 2023 12:18:13 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220824 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 220824
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
1124100 3747 3.3% 192.114.7.10
1008000 3360 3.0% 162.243.138.59
965700 3219 2.8% 185.224.128.184
783600 2612 2.3% 192.241.198.41
703800 2346 2.1% 77.90.185.188
689700 2299 2.0% 77.90.185.189
685500 2285 2.0% 77.90.185.185
679500 2265 2.0% 77.90.185.182
661800 2206 1.9% 77.90.185.183
654900 2183 1.9% 77.90.185.158
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-------------------------------------------------------------------------
86940600 289802 255.1% 192.114.7.10
54689700 182299 160.4% 192.114.7.91
158100 527 0.5% 132.76.61.53
119700 399 0.4% 2a01:b740:a41:60e::10
116400 388 0.3% 132.76.61.54
82800 276 0.2% 132.64.2.49
79500 265 0.2% 2001:bf8:200:38f:3ce2:503f:ee68:b8e4
72900 243 0.2% 132.70.66.12
64500 215 0.2% 192.114.105.254
62400 208 0.2% 132.76.10.41
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------------------------------------
192.114.7.10 80 5216394000
192.114.7.10 5216394000
192.114.7.91 3281382000
192.114.7.91 80 3281346000
2a01:b740:a41:60e::10 443 100170000
2a01:b740:a41:60e::10 57632 100170000
2a01:b740:a41:60e::10 100170000
443 2001:bf8:200:38f:3ce2:503f:ee68:b8e4 100170000
2001:bf8:200:38f:3ce2:503f:ee68:b8e4 57632 100170000
2001:bf8:200:38f:3ce2:503f:ee68:b8e4 100170000
Further Details:
https://primary.nemo.geant.org/alerts/details/220824/
More information about the Nemo-ddos-list
mailing list