[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #212248 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Nov 14 05:20:15 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, November 14, 2023 5:20:09 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #212248 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 212248

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  87559200      291864        38.8%     79.124.58.218
  17919900       59733         7.9%     94.131.117.45
   6224100       20747         2.8%      52.17.98.131
   4685700       15619         2.1%     154.62.137.34
   2613300        8711         1.2%     13.107.138.10
   2091600        6972         0.9%   142.250.180.170
   2017800        6726         0.9%     13.107.136.10
   2012400        6708         0.9%   142.250.180.138
   1974900        6583         0.9%   142.250.179.202
   1800000        6000         0.8%        3.5.28.236

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  5015700       16719         2.2%     192.114.3.241
  4953300       16511         2.2%      132.70.2.148
  4688100       15627         2.1%      132.64.58.79
  2021400        6738         0.9%     132.74.73.159
  2002500        6675         0.9%    132.74.121.228
  1826700        6089         0.8%   128.139.225.245
  1654200        5514         0.7%      132.76.61.53
  1230300        4101         0.5%     132.66.174.70
  1200900        4003         0.5%      132.76.61.54
  1083600        3612         0.5%     128.139.200.4

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                         443     132.70.2.148                 7259523000
                                 132.70.2.148                 7259523000
    79.124.58.218                                             3502368000
                         443    132.74.73.159                 2893437000
                                132.74.73.159                 2893437000
                         443   132.74.121.228                 2878606800
                               132.74.121.228                 2878606800
  142.250.179.202        443                                  2835940500
  142.250.179.202                                             2835940500
       3.5.28.236        443                                  2648481600

Further Details:
https://primary.nemo.geant.org/alerts/details/212248/


More information about the Nemo-ddos-list mailing list