[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #208273 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Nov 5 21:24:11 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, November 5, 2023 9:24:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #208273 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 208273

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  78839400      262798        21.1%     89.248.165.48
  69600000      232000        18.6%     92.63.196.170
  52199100      173997        14.0%     92.63.196.176
  33348300      111161         8.9%    89.248.165.242
  13735800       45786         3.7%     94.131.117.45
   5055000       16850         1.4%     142.251.209.1
   4907400       16358         1.3%       94.102.61.2
   3546600       11822         0.9%     13.107.138.10
   3446400       11488         0.9%   142.250.179.202
   3294000       10980         0.9%   142.250.180.138

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  6047400       20158         1.6%    132.64.186.144
  5031000       16770         1.3%    192.114.21.139
  4786800       15956         1.3%     192.114.3.241
  4472400       14908         1.2%   128.139.225.245
  4036200       13454         1.1%     128.139.200.5
  2951100        9837         0.8%     132.64.165.32
  2151600        7172         0.6%      132.76.61.54
  2118300        7061         0.6%      132.64.60.34
  2097900        6993         0.6%     132.73.113.43
  2047200        6824         0.5%     132.74.73.159

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                             132.64.186.144                 8776004400
                       443   132.64.186.144                 8775968400
  142.251.209.1        443                                  7326466200
  142.251.209.1                                             7326466200
                       443   192.114.21.139                 7302022200
                             192.114.21.139                 7302022200
  142.251.209.1                                  56211      7302010200
                             192.114.21.139      56211      7302010200
                       443    128.139.200.5                 5128818600
                              128.139.200.5                 5128818600

Further Details:
https://primary.nemo.geant.org/alerts/details/208273/


More information about the Nemo-ddos-list mailing list