[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #212252 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Nov 14 05:20:25 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, November 14, 2023 5:20:21 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #212252 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 212252

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  87559200      291864        57.9%     79.124.58.218
  17919900       59733        11.8%     94.131.117.45
   6221100       20737         4.1%      52.17.98.131
   1045500        3485         0.7%       94.102.61.2
    915300        3051         0.6%      137.184.6.21
    901800        3006         0.6%    192.241.199.29
    850800        2836         0.6%   198.199.119.104
    836100        2787         0.6%    198.199.104.15
    590400        1968         0.4%       47.89.157.6
    573000        1910         0.4%     47.252.18.116

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
    65400         218         0.0%    132.73.238.12
    63300         211         0.0%    194.63.239.88
    61500         205         0.0%   132.73.238.209
    60600         202         0.0%    132.73.238.93
    60300         201         0.0%    132.73.238.31
    59700         199         0.0%   132.73.238.141
    58500         195         0.0%   132.73.238.113
    57900         193         0.0%   132.73.238.149
    57600         192         0.0%   132.73.238.172
    57000         190         0.0%   132.73.238.206

Top-10 Possible Targets by Bytes:
         Src IP   Src Port   Dst IP   Dst Port   Sampled Count
------------------------------------------------------------
  79.124.58.218                                     3502368000
  94.131.117.45                                      716796000
  94.131.117.45      50679                           562116000
  79.124.58.218      65532                           446556000
  79.124.58.218      65533                           441936000
  79.124.58.218      65530                           438624000
  79.124.58.218      65529                           436284000
  79.124.58.218      65534                           435996000
  79.124.58.218      65531                           435072000
  79.124.58.218      65528                           434244000

Further Details:
https://primary.nemo.geant.org/alerts/details/212252/


More information about the Nemo-ddos-list mailing list