[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #211744 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Nov 12 22:17:22 IST 2023
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, November 12, 2023 10:17:14 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #211744 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 211744
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
128090100 426967 25.7% 89.248.165.48
67661700 225539 13.6% 92.63.196.170
63939900 213133 12.9% 92.63.196.76
40161600 133872 8.1% 89.248.165.242
33022200 110074 6.6% 92.63.196.176
10400700 34669 2.1% 5.230.51.205
8487600 28292 1.7% 20.38.118.132
5366100 17887 1.1% 142.251.209.10
5169300 17231 1.0% 52.217.235.17
4851900 16173 1.0% 52.17.98.131
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
8487600 28292 1.7% 132.70.19.4
7883400 26278 1.6% 128.139.16.18
5169300 17231 1.0% 132.70.2.148
4279200 14264 0.9% 132.76.61.53
4150500 13835 0.8% 128.139.225.245
3875700 12919 0.8% 132.74.68.72
3691800 12306 0.7% 192.114.3.241
2935200 9784 0.6% 128.139.16.119
2849700 9499 0.6% 132.64.167.170
2830800 9436 0.6% 128.139.200.4
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
443 128.139.16.18 11414282400
128.139.16.18 11414282400
52.217.235.17 443 7545106800
52.217.235.17 45883 7545106800
52.217.235.17 7545106800
443 132.70.2.148 7545106800
132.70.2.148 45883 7545106800
132.70.2.148 7545106800
142.251.209.10 443 7338242700
142.251.209.10 7338242700
Further Details:
https://primary.nemo.geant.org/alerts/details/211744/
More information about the Nemo-ddos-list
mailing list