[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #215426 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Nov 19 20:40:33 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, November 19, 2023 8:40:26 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #215426 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 215426

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  108453300      361511        21.7%    92.63.196.170
   64219800      214066        12.9%   89.248.165.106
   64022100      213407        12.8%     92.63.196.57
   62719200      209064        12.6%     92.63.196.58
   28303800       94346         5.7%    89.248.165.83
   25727100       85757         5.2%     92.63.196.77
   13695600       45652         2.7%    92.63.196.176
    7441200       24804         1.5%     92.63.196.78
    5241900       17473         1.1%     92.63.196.76
    5170500       17235         1.0%   142.251.209.42

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  6987300       23291         1.4%      132.65.52.16
  6692700       22309         1.3%      132.65.52.18
  4687800       15626         0.9%   128.139.225.245
  4365000       14550         0.9%    132.66.144.129
  3798600       12662         0.8%     192.114.3.241
  2158500        7195         0.4%     128.139.200.4
  2055900        6853         0.4%      132.76.61.54
  1815900        6053         0.4%     132.64.72.110
  1786800        5956         0.4%     132.74.73.159
  1570800        5236         0.3%    132.74.117.125

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                        443      132.65.52.16                10272530100
                                 132.65.52.16                10272530100
                        443      132.65.52.18                 9838019100
                                 132.65.52.18                 9838019100
  142.251.209.42        443                                   6072160200
  142.251.209.42                                              6072160200
                              128.139.225.245                 5946424200
                        443    132.66.144.129                 5335242300
                               132.66.144.129                 5335242300
                        443   128.139.225.245                 5062271700

Further Details:
https://primary.nemo.geant.org/alerts/details/215426/


More information about the Nemo-ddos-list mailing list