[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #226976 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Dec 22 16:09:59 IST 2023

________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, December 22, 2023 4:09:52 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #226976 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 226976

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  11302800       37676        37.4%    104.156.155.8
    824400        2748         2.7%      186.211.1.7
    621600        2072         2.1%   103.77.214.248
    598200        1994         2.0%    107.170.245.9
    505500        1685         1.7%   94.156.189.228
    417900        1393         1.4%   89.248.165.212
    216600         722         0.7%     62.204.41.63
    196800         656         0.7%   183.136.225.42
    176400         588         0.6%    46.165.242.73
    174600         582         0.6%     77.90.185.12

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  94229700      314099       311.9%     192.114.5.142
    109200         364         0.4%        132.72.6.1
     45900         153         0.2%      132.76.61.53
     39000         130         0.1%      132.76.61.54
     36300         121         0.1%      132.64.3.119
     24300          81         0.1%      132.65.40.89
     22200          74         0.1%      132.76.61.55
     16200          54         0.1%    192.114.23.221
     15600          52         0.1%   128.139.225.245
     14400          48         0.0%    192.114.91.214

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                              192.114.5.142                 5653393200
                              192.114.5.142        443      5653018800
   104.156.155.8      46198                                  452112000
   104.156.155.8                                             452112000
     186.211.1.7      62584                                   36273600
     186.211.1.7                                              36273600
                        443    132.65.40.89                   32778000
                               132.65.40.89                   32778000
  103.77.214.248      52964                                   24864000
  103.77.214.248                                  3389        24864000

Further Details:
https://primary.nemo.geant.org/alerts/details/226976/

