[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #211744 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Nov 12 22:17:22 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, November 12, 2023 10:17:14 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #211744 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 211744

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  128090100      426967        25.7%    89.248.165.48
   67661700      225539        13.6%    92.63.196.170
   63939900      213133        12.9%     92.63.196.76
   40161600      133872         8.1%   89.248.165.242
   33022200      110074         6.6%    92.63.196.176
   10400700       34669         2.1%     5.230.51.205
    8487600       28292         1.7%    20.38.118.132
    5366100       17887         1.1%   142.251.209.10
    5169300       17231         1.0%    52.217.235.17
    4851900       16173         1.0%     52.17.98.131

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  8487600       28292         1.7%       132.70.19.4
  7883400       26278         1.6%     128.139.16.18
  5169300       17231         1.0%      132.70.2.148
  4279200       14264         0.9%      132.76.61.53
  4150500       13835         0.8%   128.139.225.245
  3875700       12919         0.8%      132.74.68.72
  3691800       12306         0.7%     192.114.3.241
  2935200        9784         0.6%    128.139.16.119
  2849700        9499         0.6%    132.64.167.170
  2830800        9436         0.6%     128.139.200.4

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                        443   128.139.16.18                11414282400
                              128.139.16.18                11414282400
   52.217.235.17        443                                 7545106800
   52.217.235.17                                 45883      7545106800
   52.217.235.17                                            7545106800
                        443    132.70.2.148                 7545106800
                               132.70.2.148      45883      7545106800
                               132.70.2.148                 7545106800
  142.251.209.10        443                                 7338242700
  142.251.209.10                                            7338242700

Further Details:
https://primary.nemo.geant.org/alerts/details/211744/


More information about the Nemo-ddos-list mailing list