[NeMo-DDoS-List] [Geant NeMo] Analysis for Alert #192931 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Oct 4 17:23:11 IDT 2023
This will keep happening since NeMo doesn't have the ability to whitelist /24s that generate lots of sudden data - such as the CERN ATLAS group.
192.114.101.0/24 as a destination is one such segment located at Technion which receives data from ATLAS.
Regards,
Hank
-----Original Message-----
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, 4 October 2023 14:16
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #192931 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]
Please find the analysis details for the Alert ID: 192931
Top-10 Src IPs by Packets:
Packets     Est. Rate  % of Total  Src IP
----------------------------------------------------
70102500    233675     17.1%       142.250.180.187
66857100    222857     16.3%       216.58.204.155
61320000    204400     15.0%       142.251.209.59
13896000    46320      3.4%        216.58.209.59
9131700     30439      2.2%        132.70.228.201
7299300     24331      1.8%        45.79.133.162
4574700     15249      1.1%        142.251.209.27
3742800     12476      0.9%        142.250.179.138
3576600     11922      0.9%        152.199.21.175
3373500     11245      0.8%        209.197.3.8
Top-10 Dst IPs by Packets:
Packets     Est. Rate  % of Total  Dst IP
----------------------------------------------------
24898200    82994      6.1%        192.114.101.187
24539400    81798      6.0%        132.71.132.1
19571100    65237      4.8%        192.114.101.209
10822200    36074      2.6%        192.114.101.100
10432500    34775      2.6%        192.114.101.94
10294500    34315      2.5%        192.114.101.96
10211400    34038      2.5%        192.114.101.77
10202700    34009      2.5%        192.114.101.163
10131600    33772      2.5%        192.114.101.90
9952200     33174      2.4%        192.114.101.87
Top-10 Possible Targets by Bytes:
Src IP           Src Port  Dst IP           Dst Port  Sampled Count
-----------------------------------------------------------------------
142.250.180.187  443                                  101720552700
142.250.180.187                                       101720552700
216.58.204.155   443                                  97013227200
216.58.204.155                                        97013227200
142.251.209.59   443                                  88972659900
142.251.209.59                                        88972659900
                 443       192.114.101.187            36123860100
                           192.114.101.187            36123860100
                 443       132.71.132.1               36083285700
                           132.71.132.1               36083285700
Further Details:
https://primary.nemo.geant.org/alerts/details/192931/
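Added example, not part of the original messages and not NeMo code: a triage step run outside NeMo that rolls the alert's "Top-10 Dst IPs by Packets" rows up to /24s and checks them against a local allowlist of known bulk-transfer segments. The allowlist and the function names are assumptions; the only prefix in it is the Technion segment named in the reply above.

```python
import ipaddress
from collections import defaultdict

# "Top-10 Dst IPs by Packets" rows copied from alert #192931 above.
TOP_DST = """\
Packets Est. Rate % of Total Dst IP
24898200 82994 6.1% 192.114.101.187
24539400 81798 6.0% 132.71.132.1
19571100 65237 4.8% 192.114.101.209
10822200 36074 2.6% 192.114.101.100
10432500 34775 2.6% 192.114.101.94
10294500 34315 2.5% 192.114.101.96
10211400 34038 2.5% 192.114.101.77
10202700 34009 2.5% 192.114.101.163
10131600 33772 2.5% 192.114.101.90
9952200 33174 2.4% 192.114.101.87
"""

# Assumption: a locally maintained list of segments known to receive bulk data.
ALLOWLIST = [ipaddress.ip_network("192.114.101.0/24")]


def parse_rows(text):
    """Yield (packets, IPv4Address) from 'packets rate pct ip' rows; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # header, ruler or blank line
        try:
            yield int(parts[0]), ipaddress.IPv4Address(parts[3])
        except ValueError:
            continue  # last column is not an IPv4 address


def by_prefix(rows, prefixlen=24):
    """Sum packet counts per covering prefix (default /24)."""
    totals = defaultdict(int)
    for packets, ip in rows:
        totals[ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)] += packets
    return dict(totals)


def triage(text, allowlist=ALLOWLIST):
    """Share of the *listed* packets going to allowlisted prefixes, plus the rest."""
    totals = by_prefix(parse_rows(text))
    listed = sum(totals.values())
    unexplained = sorted(((n, p) for n, p in totals.items()
                          if not any(n.subnet_of(a) for a in allowlist)),
                         key=lambda item: item[1], reverse=True)
    expected = listed - sum(p for _, p in unexplained)
    return {"allowlisted_share": expected / listed if listed else 0.0,
            "unexplained": unexplained}
```

The share is computed over the ten listed destinations only, which the alert reports as roughly a third of total packets, so it indicates where the top talkers land rather than classifying the whole alert.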