[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #206796 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Nov 3 17:09:57 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, November 3, 2023 5:09:51 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #206796 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 206796

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
   887700        2959         4.4%    151.106.41.20
   682500        2275         3.4%      31.13.84.52
   606600        2022         3.0%   209.85.137.254
   564000        1880         2.8%   192.241.206.15
   318300        1061         1.6%   157.240.195.63
   294300         981         1.5%   157.240.196.63
   289200         964         1.4%       31.13.84.4
   228300         761         1.1%    216.58.209.33
   219600         732         1.1%    128.139.200.5
   207300         691         1.0%    128.139.200.4

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  65302500      217675       326.3%       128.139.7.3
   2095200        6984        10.5%   128.139.225.245
    493800        1646         2.5%      128.139.35.5
    436500        1455         2.2%    128.139.34.240
    412200        1374         2.1%    128.139.200.61
    300300        1001         1.5%    192.114.91.214
    279000         930         1.4%    192.114.91.211
    213900         713         1.1%     192.178.18.26
    207900         693         1.0%     128.139.200.4
    199200         664         1.0%     192.178.19.26

Top-10 Possible Targets by Bytes:
       Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                               128.139.7.3                80635079100
                               128.139.7.3                47961470400
                               128.139.7.3                47961470400
                      53       128.139.7.3                31655891700
                               128.139.7.3         80     20285394600
                           128.139.225.245                 2147496000
                     443   128.139.225.245                 1732245000
  31.13.84.52        443                                    825269100
  31.13.84.52                                               825269100
                     123       128.139.7.3                  640170000

Further Details:
https://primary.nemo.geant.org/alerts/details/206796/


More information about the Nemo-ddos-list mailing list