[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #228799 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Dec 27 12:35:09 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, December 27, 2023 12:34:43 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #228799 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 228799

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total                               Src IP
----------------------------------------------------------------------
  3108000       10360         4.7%                       159.124.38.182
  2328900        7763         3.5%                          31.13.84.52
  2233200        7444         3.4%                       157.240.196.63
  2228100        7427         3.4%                       157.240.195.63
  2039400        6798         3.1%   2a03:2880:f207:c4:face:b00c:0:43fe
  1869900        6233         2.8%                           31.13.84.4
  1404900        4683         2.1%                          31.13.84.51
  1403100        4677         2.1%                       157.240.196.15
  1384500        4615         2.1%       2a03:2880:f007:8:face:b00c:0:1
  1316100        4387         2.0%                        142.251.209.1

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  97123500      323745       146.3%      192.114.7.11
   3972000       13240         6.0%   128.139.225.245
   1405800        4686         2.1%    192.114.23.221
   1130400        3768         1.7%    192.114.91.248
   1124100        3747         1.7%     192.114.3.241
    859800        2866         1.3%       51.17.3.162
    823200        2744         1.2%    192.114.91.247
    716100        2387         1.1%      132.70.66.14
    664200        2214         1.0%    192.114.91.249
    642600        2142         1.0%    192.114.91.246

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                                 192.114.7.11               127011968100
                                 192.114.7.11                78626019000
                                 192.114.7.11                78626019000
                         53      192.114.7.11                48371235300
                              128.139.225.245                 4173885900
                        443   128.139.225.245                 3484373700
     31.13.84.52        443                                   2774281800
     31.13.84.52                                              2774281800
  157.240.196.63        443                                   2747137200
  157.240.196.63                                              2747137200

Further Details:
https://primary.nemo.geant.org/alerts/details/228799/


More information about the Nemo-ddos-list mailing list