[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214221 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Nov 17 14:42:11 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, November 17, 2023 2:42:05 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214221 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 214221

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
   708600        2362         2.4%    209.85.137.254
   691500        2305         2.4%       31.13.84.52
   435900        1453         1.5%     185.11.74.194
   428400        1428         1.5%     200.91.143.27
   388200        1294         1.3%   142.250.185.238
   319200        1064         1.1%      213.13.24.76
   303900        1013         1.0%     190.217.98.67
   287400         958         1.0%     163.70.147.63
   285900         953         1.0%     209.240.0.154
   274500         915         0.9%   181.143.204.170

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  33877500      112925       116.0%      192.114.7.91
   3549900       11833        12.2%      132.68.239.9
   3545100       11817        12.1%        132.68.1.2
   3407700       11359        11.7%        132.68.1.9
   3370200       11234        11.5%      132.74.6.143
   2602200        8674         8.9%   128.139.225.245
    499800        1666         1.7%      128.139.35.5
    447000        1490         1.5%    128.139.34.240
    372300        1241         1.3%     132.71.85.155
    357600        1192         1.2%    128.139.200.61

Top-10 Possible Targets by Bytes:
       Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                              192.114.7.91                33647236800
                              192.114.7.91                23006638500
                              192.114.7.91                23004572700
                      19      192.114.7.91                 4779762900
                     123      192.114.7.91                 3688664400
                           128.139.225.245                 2458925400
                    3702      192.114.7.91                 1661073300
                     443   128.139.225.245                 1492103100
  31.13.84.52        443                                    835962600
  31.13.84.52                                               835962600

Further Details:
https://primary.nemo.geant.org/alerts/details/214221/


More information about the Nemo-ddos-list mailing list