[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #218569 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Nov 28 21:27:10 IST 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, November 28, 2023 9:27:04 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #218569 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 218569

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total          Src IP
-------------------------------------------------
  2211000        7370         5.1%     31.13.84.52
  1410000        4700         3.3%   132.66.52.232
  1162500        3875         2.7%    132.74.20.45
  1093800        3646         2.5%    8.209.68.216
  1005000        3350         2.3%   101.37.80.212
   984600        3282         2.3%     8.211.0.165
   981000        3270         2.3%    94.102.61.32
   961200        3204         2.2%    47.89.153.27
   882600        2942         2.0%   47.252.54.176
   877500        2925         2.0%    47.252.50.36

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  3463500       11545         8.0%   128.139.225.245
  1587600        5292         3.7%     132.66.52.232
  1155600        3852         2.7%     51.16.175.215
   984600        3282         2.3%    95.189.151.236
   807000        2690         1.9%    192.114.23.221
   549600        1832         1.3%      132.65.44.95
   530400        1768         1.2%    192.114.91.214
   526500        1755         1.2%      128.139.35.5
   441600        1472         1.0%    128.139.34.240
   337800        1126         0.8%    192.114.91.215

Top-10 Possible Targets by Bytes:
        Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                            128.139.225.245                 3634487700
                      443   128.139.225.245                 3063908100
   31.13.84.52        443                                   2697948900
   31.13.84.52                                              2697948900
  132.74.20.45       4500                                   1663473600
  132.74.20.45                                    4500      1663473600
  132.74.20.45                                              1663473600
                     4500     51.16.175.215                 1661928000
                              51.16.175.215       4500      1661928000
                              51.16.175.215                 1661928000

Further Details:
https://primary.nemo.geant.org/alerts/details/218569/


More information about the Nemo-ddos-list mailing list