[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #212254 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Nov 14 05:24:08 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, November 14, 2023 5:24:03 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #212254 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 212254

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  87559200      291864        40.0%     79.124.58.218
  17919900       59733         8.2%     94.131.117.45
   6221100       20737         2.8%      52.17.98.131
   4685700       15619         2.1%     154.62.137.34
   2613300        8711         1.2%     13.107.138.10
   2017800        6726         0.9%     13.107.136.10
   1974900        6583         0.9%   142.250.179.202
   1956000        6520         0.9%   142.250.180.170
   1891800        6306         0.9%   142.250.180.138
   1800000        6000         0.8%        3.5.28.236

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  4953300       16511         2.3%      132.70.2.148
  4920300       16401         2.2%     192.114.3.241
  4688100       15627         2.1%      132.64.58.79
  2021400        6738         0.9%     132.74.73.159
  2002500        6675         0.9%    132.74.121.228
  1654200        5514         0.8%      132.76.61.53
  1420800        4736         0.6%   128.139.225.245
  1230300        4101         0.6%     132.66.174.70
  1200900        4003         0.5%      132.76.61.54
   982800        3276         0.4%     132.66.251.11

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                         443     132.70.2.148                 7259523000
                                 132.70.2.148                 7259523000
    79.124.58.218                                             3502368000
                         443    132.74.73.159                 2893437000
                                132.74.73.159                 2893437000
                         443   132.74.121.228                 2878606800
                               132.74.121.228                 2878606800
  142.250.179.202        443                                  2835940500
  142.250.179.202                                             2835940500
       3.5.28.236        443                                  2648481600

Further Details:
https://primary.nemo.geant.org/alerts/details/212254/


More information about the Nemo-ddos-list mailing list