[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220829 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Dec 5 12:22:45 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, December 5, 2023 12:22:40 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220829 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220829

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  28979400       96598         7.9%   142.251.209.14
   8818500       29395         2.4%   216.58.204.142
   7828200       26094         2.1%    216.58.205.42
   6501900       21673         1.8%    13.107.136.10
   5874600       19582         1.6%      31.13.84.51
   5676600       18922         1.5%   142.251.209.42
   5564100       18547         1.5%      31.13.84.52
   5250000       17500         1.4%   152.199.21.175
   5044200       16814         1.4%       31.13.84.4
   5027100       16757         1.4%    216.58.209.42

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  283098000      943660        76.9%     192.114.7.161
  186870600      622902        50.7%      192.114.7.10
  167928000      559760        45.6%      192.114.7.91
    9008100       30027         2.4%      132.76.61.54
    8133300       27111         2.2%      132.76.61.53
    7871100       26237         2.1%   128.139.225.245
    7247100       24157         2.0%     192.114.3.241
    6821400       22738         1.9%      132.76.10.41
    5994600       19982         1.6%     128.139.200.5
    4939800       16466         1.3%     128.139.200.4

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  142.251.209.14                                           40025168400
  142.251.209.14        443                                40025118300
                              192.114.7.161                17123627700
                              192.114.7.161         80     17122293300
                               192.114.7.10                11211240000
                               192.114.7.10         80     11208494400
  216.58.204.142        443                                11149176600
  216.58.204.142                                           11149176600
                               192.114.7.91                10073581200
                               192.114.7.91         80     10071679200

Further Details:
https://primary.nemo.geant.org/alerts/details/220829/


More information about the Nemo-ddos-list mailing list