[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #206796 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Fri Nov 3 17:09:57 IST 2023
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, November 3, 2023 5:09:51 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #206796 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]
Please find the analysis details for the Alert ID: 206796
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
--------------------------------------------------
887700 2959 4.4% 151.106.41.20
682500 2275 3.4% 31.13.84.52
606600 2022 3.0% 209.85.137.254
564000 1880 2.8% 192.241.206.15
318300 1061 1.6% 157.240.195.63
294300 981 1.5% 157.240.196.63
289200 964 1.4% 31.13.84.4
228300 761 1.1% 216.58.209.33
219600 732 1.1% 128.139.200.5
207300 691 1.0% 128.139.200.4
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
----------------------------------------------------
65302500 217675 326.3% 128.139.7.3
2095200 6984 10.5% 128.139.225.245
493800 1646 2.5% 128.139.35.5
436500 1455 2.2% 128.139.34.240
412200 1374 2.1% 128.139.200.61
300300 1001 1.5% 192.114.91.214
279000 930 1.4% 192.114.91.211
213900 713 1.1% 192.178.18.26
207900 693 1.0% 128.139.200.4
199200 664 1.0% 192.178.19.26
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------------
128.139.7.3 80635079100
128.139.7.3 47961470400
128.139.7.3 47961470400
53 128.139.7.3 31655891700
128.139.7.3 80 20285394600
128.139.225.245 2147496000
443 128.139.225.245 1732245000
31.13.84.52 443 825269100
31.13.84.52 825269100
123 128.139.7.3 640170000
Further Details:
https://primary.nemo.geant.org/alerts/details/206796/
More information about the Nemo-ddos-list
mailing list