[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #215145 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Nov 19 05:27:10 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, November 19, 2023 5:27:02 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #215145 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 215145

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  7540200       25134        15.2%    193.37.213.15
  5547600       18492        11.2%     52.17.98.131
  1511100        5037         3.0%     192.3.154.58
  1099800        3666         2.2%     192.114.7.10
   993900        3313         2.0%     94.102.61.28
   952500        3175         1.9%   129.107.255.16
   847500        2825         1.7%   198.199.115.21
   711300        2371         1.4%   162.243.146.62
   583200        1944         1.2%     2.56.247.170
   571800        1906         1.1%    47.89.134.184

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  69343500      231145       139.4%      192.114.7.10
    952500        3175         1.9%   192.114.101.113
    125700         419         0.3%      132.71.98.19
     42300         141         0.1%      192.114.1.98
     33600         112         0.1%    132.64.134.150
     33300         111         0.1%    132.64.134.215
     33000         110         0.1%    132.64.134.196
     31200         104         0.1%    132.64.134.106
     31200         104         0.1%    132.64.134.185
     30900         103         0.1%    132.64.134.195

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                                 192.114.7.10         80      3604891200
                                 192.114.7.10                 3604891200
  129.107.255.16       1094                                   1426022100
  129.107.255.16                                   57656      1426022100
  129.107.255.16                                              1426022100
                       1094   192.114.101.113                 1426022100
                              192.114.101.113      57656      1426022100
                              192.114.101.113                 1426022100
   193.37.213.15      43520                                    301608000
   193.37.213.15                                               301608000

Further Details:
https://primary.nemo.geant.org/alerts/details/215145/


More information about the Nemo-ddos-list mailing list