[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221081 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Dec 6 02:49:02 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, December 6, 2023 2:48:56 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221081 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 221081

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total              Src IP
-----------------------------------------------------
  1565700        5219         8.7%        132.74.20.45
   679500        2265         3.8%      118.123.105.93
   624000        2080         3.5%      209.85.137.254
   492900        1643         2.7%         31.13.84.52
   407400        1358         2.3%        173.194.10.6
   366600        1222         2.0%          31.13.84.4
   366000        1220         2.0%      216.58.204.142
   356100        1187         2.0%         31.13.84.15
   219300         731         1.2%       216.58.205.46
   217500         725         1.2%   2001:bf8:900:7::5

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  52225800      174086       290.0%      192.114.7.10
   1866000        6220        10.4%   128.139.225.245
   1565400        5218         8.7%     51.16.175.215
    626700        2089         3.5%      132.65.44.96
    583800        1946         3.2%      132.65.44.95
    502500        1675         2.8%      128.139.35.5
    394200        1314         2.2%    128.139.34.240
    314100        1047         1.7%    128.139.200.60
    303000        1010         1.7%    128.139.200.61
    298200         994         1.7%    128.139.12.156

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                             192.114.7.10                68592154500
                             192.114.7.10                42512995800
                             192.114.7.10                42512995800
                       53    192.114.7.10                26071686900
  132.74.20.45       4500                                 2259817200
  132.74.20.45                                  4500      2259817200
  132.74.20.45                                            2259817200
                     4500   51.16.175.215                 2259780000
                            51.16.175.215       4500      2259780000
                            51.16.175.215                 2259780000

Further Details:
https://primary.nemo.geant.org/alerts/details/221081/


More information about the Nemo-ddos-list mailing list