[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #212954 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Nov 15 17:44:19 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, November 15, 2023 5:44:12 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #212954 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 212954

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  40092000      133640        58.0%    89.248.163.197
   2137500        7125         3.1%     94.131.117.45
   1564800        5216         2.3%     138.199.62.33
   1048200        3494         1.5%      94.102.61.27
    944400        3148         1.4%    162.243.143.11
    825000        2750         1.2%    198.199.115.29
    763800        2546         1.1%    104.156.155.12
    748200        2494         1.1%    192.241.226.52
    740700        2469         1.1%   211.137.207.163
    582900        1943         0.8%      2.56.247.171

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   249900         833         0.4%     132.72.168.27
   210900         703         0.3%    132.70.152.110
   143400         478         0.2%        132.72.6.1
   116700         389         0.2%     132.66.251.11
    82800         276         0.1%      132.72.8.247
    71700         239         0.1%      132.76.61.54
    61200         204         0.1%      132.65.44.95
    59100         197         0.1%   192.114.105.254
    56400         188         0.1%      132.76.61.53
    36900         123         0.1%      192.114.1.98

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  89.248.163.197                                            1603680000
  89.248.163.197      42346                                 1334604000
   184.30.24.134        443                                  373809300
   184.30.24.134                                 50844       373809300
   184.30.24.134                                             373809300
                        443   132.72.168.27                  373809300
                              132.72.168.27      50844       373809300
                              132.72.168.27                  373809300
      23.2.13.51        443                                  314747400
      23.2.13.51                                 54363       314747400

Further Details:
https://primary.nemo.geant.org/alerts/details/212954/


More information about the Nemo-ddos-list mailing list