[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220939 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Dec 5 22:04:07 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, December 5, 2023 10:04:02 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220939 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 220939

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total               Src IP
------------------------------------------------------
  2508000        8360         9.3%          31.13.84.52
  1422000        4740         5.3%           31.13.84.4
  1298700        4329         4.8%         132.74.20.45
   732600        2442         2.7%      142.250.180.161
   725400        2418         2.7%       216.58.204.142
   459900        1533         1.7%          31.13.84.15
   427800        1426         1.6%      128.139.225.245
   411600        1372         1.5%   2a00:1450:4812::1a
   390300        1301         1.5%    2001:bf8:900:7::4
   354300        1181         1.3%        176.233.67.87

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total               Dst IP
-------------------------------------------------------
  45523500      151745       169.6%         192.114.7.91
   5107800       17026        19.0%      128.139.225.245
   1298700        4329         4.8%        51.16.175.215
    739800        2466         2.8%       132.72.202.170
    660900        2203         2.5%       132.68.237.250
    652800        2176         2.4%         132.65.44.96
    600900        2003         2.2%       128.139.12.156
    585300        1951         2.2%   2a00:1450:4812::1a
    538500        1795         2.0%      128.139.225.228
    471300        1571         1.8%         128.139.35.5

Top-10 Possible Targets by Bytes:
        Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                               192.114.7.91                59931471600
                               192.114.7.91                37268013600
                               192.114.7.91                37268013600
                       53      192.114.7.91                22657460400
                            128.139.225.245                 5396304000
                      443   128.139.225.245                 4205937300
   31.13.84.52        443                                   3062965500
   31.13.84.52                                              3062965500
  132.74.20.45       4500                                   1862461200
  132.74.20.45                                    4500      1862461200

Further Details:
https://primary.nemo.geant.org/alerts/details/220939/


More information about the Nemo-ddos-list mailing list