[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221072 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Dec 6 01:15:56 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, December 6, 2023 1:15:49 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221072 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 221072

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  1499400        4998         6.8%      31.13.84.52
  1353900        4513         6.2%     132.74.20.45
   745800        2486         3.4%   209.85.137.254
   609600        2032         2.8%   107.170.243.33
   575400        1918         2.6%       31.13.84.4
   506400        1688         2.3%    95.90.237.169
   429600        1432         2.0%      31.13.84.15
   399900        1333         1.8%     96.44.142.14
   289800         966         1.3%     173.194.10.7
   275400         918         1.3%   162.19.136.138

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  44337600      147792       202.2%      192.114.7.10
  36995100      123317       168.7%      192.114.7.91
   2896800        9656        13.2%   128.139.225.245
   1353900        4513         6.2%     51.16.175.215
    528600        1762         2.4%      132.65.44.96
    506400        1688         2.3%     132.66.50.226
    478500        1595         2.2%      128.139.35.5
    471300        1571         2.1%      132.65.44.95
    450000        1500         2.1%    128.139.200.60
    408300        1361         1.9%    128.139.34.240

Top-10 Possible Targets by Bytes:
  Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
                         192.114.7.10                58065147000
                         192.114.7.91                48427401900
                         192.114.7.10                36819711600
                         192.114.7.10                36819711600
                         192.114.7.91                30511517100
                         192.114.7.91                30511517100
                 53      192.114.7.10                21240704100
                 53      192.114.7.91                17907803100
                      128.139.225.245                 3306059100
                443   128.139.225.245                 2498154900

Further Details:
https://primary.nemo.geant.org/alerts/details/221072/


More information about the Nemo-ddos-list mailing list