[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #213236 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Nov 16 05:25:13 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, November 16, 2023 5:25:06 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #213236 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 213236

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  6643500       22145        16.4%     52.17.98.131
  5866500       19555        14.5%     94.102.61.46
  2583900        8613         6.4%    94.131.117.45
  1022100        3407         2.5%     94.102.61.53
   966600        3222         2.4%   168.80.174.100
   771600        2572         1.9%    198.98.57.135
   730500        2435         1.8%   198.199.118.94
   710100        2367         1.8%   118.123.105.93
   473700        1579         1.2%    116.153.1.110
   402300        1341         1.0%     45.56.111.60

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  99377400      331258       245.0%    192.114.7.161
    154200         514         0.4%       132.72.6.1
     44700         149         0.1%     192.114.1.98
     31800         106         0.1%     132.76.61.53
     29100          97         0.1%     132.76.61.54
     26100          87         0.1%      172.67.24.1
     20700          69         0.1%   132.67.180.208
     17400          58         0.0%   132.76.150.110
     15300          51         0.0%     132.76.61.55
     14700          49         0.0%   132.66.108.154

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                             192.114.7.161        443      3975096000
                             192.114.7.161                 3975096000
   52.17.98.131                                             265749600
   94.102.61.46                                             258126000
  94.131.117.45      44144                                  103356000
  94.131.117.45                                             103356000
   94.102.61.53                                  8411        44972400
   94.102.61.53                                              44972400
   94.102.61.46                                  2195        44853600
   94.102.61.46                                  2130        43243200

Further Details:
https://primary.nemo.geant.org/alerts/details/213236/


More information about the Nemo-ddos-list mailing list