[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #208274 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Nov 5 21:24:12 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, November 5, 2023 9:24:07 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #208274 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 208274

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  78839400      262798        28.0%     89.248.165.48
  69598800      231996        24.7%     92.63.196.170
  52198500      173995        18.5%     92.63.196.176
  33348300      111161        11.8%    89.248.165.242
  13735800       45786         4.9%     94.131.117.45
   4907400       16358         1.7%       94.102.61.2
   2793000        9310         1.0%   173.212.236.239
    998700        3329         0.4%      94.102.61.47
    958800        3196         0.3%    192.241.221.43
    876300        2921         0.3%    192.241.235.25

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total          Dst IP
-------------------------------------------------
    78300         261         0.0%   132.64.15.181
    76500         255         0.0%   132.64.15.182
    75300         251         0.0%   132.64.15.198
    73800         246         0.0%   132.64.15.187
    72600         242         0.0%   132.64.15.197
    72300         241         0.0%   132.64.15.185
    71700         239         0.0%   132.64.15.184
    70800         236         0.0%   132.64.15.186
    70200         234         0.0%   132.64.15.180
    69300         231         0.0%   132.64.15.183

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
   89.248.165.48                                     3153576000
   92.63.196.170                                     2782974000
   92.63.196.170      51606                          2561928000
   89.248.165.48      51575                          2561304000
   92.63.196.176      51667                          2087940000
   92.63.196.176                                     2087940000
  89.248.165.242      51710                          1333932000
  89.248.165.242                                     1333932000
   89.248.165.48      51750                           592272000
   94.131.117.45      51545                           549432000

Further Details:
https://primary.nemo.geant.org/alerts/details/208274/


More information about the Nemo-ddos-list mailing list