[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #215423 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Nov 19 20:37:14 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, November 19, 2023 8:37:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #215423 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 215423

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  57219000      190730        46.2%    89.248.165.83
  24804900       82683        20.0%     92.63.196.57
   4693800       15646         3.8%     52.17.98.131
   2755200        9184         2.2%    37.120.234.65
   2010000        6700         1.6%      94.102.61.5
   1591800        5306         1.3%     192.3.154.58
   1010100        3367         0.8%   192.241.196.33
    984600        3282         0.8%     94.102.61.42
    916500        3055         0.7%    162.243.128.5
    620400        2068         0.5%   192.241.216.15

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
    46500         155         0.0%      192.114.1.98
    44700         149         0.0%     104.22.48.147
    39000         130         0.0%      132.76.61.53
    36300         121         0.0%      132.76.61.54
    26400          88         0.0%   128.139.225.245
    22200          74         0.0%     192.114.3.241
    18000          60         0.0%      132.64.131.6
    18000          60         0.0%      132.64.7.205
    17100          57         0.0%       132.64.56.8
    16500          55         0.0%     132.64.77.111

Top-10 Possible Targets by Bytes:
         Src IP   Src Port   Dst IP   Dst Port   Sampled Count
------------------------------------------------------------
  89.248.165.83      58372                          2288760000
  89.248.165.83                                     2288760000
   92.63.196.57      58215                           992196000
   92.63.196.57                                      992196000
   52.17.98.131                                      187753200
  37.120.234.65      57374                           110208000
  37.120.234.65                                      110208000
    94.102.61.5                                       88440000
   192.3.154.58      40078                            63672000
   192.3.154.58                                       63672000

Further Details:
https://primary.nemo.geant.org/alerts/details/215423/


More information about the Nemo-ddos-list mailing list