[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #228691 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Dec 27 04:12:56 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, December 27, 2023 4:12:50 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #228691 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 228691

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total               Src IP
------------------------------------------------------
  1382400        4608         8.5%         132.74.20.45
   945000        3150         5.8%        162.243.137.4
   328200        1094         2.0%       192.115.46.100
   282600         942         1.7%       157.240.195.63
   251100         837         1.6%         173.194.10.6
   247500         825         1.5%      128.139.225.245
   212400         708         1.3%   2001:4860:4812::1a
   202200         674         1.2%          132.76.61.2
   198900         663         1.2%        216.58.205.46
   189900         633         1.2%    2001:bf8:900:7::5

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  48451500      161505       299.5%      192.114.7.11
   2204700        7349        13.6%    192.115.46.100
   1517100        5057         9.4%       132.76.61.2
   1400700        4669         8.7%   128.139.225.245
   1394400        4648         8.6%       132.76.61.1
   1382400        4608         8.5%       51.17.3.162
    455700        1519         2.8%      132.65.44.96
    439200        1464         2.7%      132.65.44.95
    374400        1248         2.3%    128.139.34.240
    361200        1204         2.2%      128.139.35.5

Top-10 Possible Targets by Bytes:
        Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------
                            192.114.7.11                63371427300
                            192.114.7.11                39277741200
                            192.114.7.11                39277741200
                       53   192.114.7.11                24086290800
  132.74.20.45       4500                                2030332800
  132.74.20.45                                 4500      2030332800
  132.74.20.45                                           2030332800
                     4500    51.17.3.162                 2030332800
                             51.17.3.162       4500      2030332800
                             51.17.3.162                 2030332800

Further Details:
https://primary.nemo.geant.org/alerts/details/228691/


More information about the Nemo-ddos-list mailing list