[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #193084 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Oct 5 04:42:06 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, October 5, 2023 4:41:56 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #193084 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 193084

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  46269300      154231        41.2%    129.107.255.16
   8974500       29915         8.0%   142.250.179.138
   5387100       17957         4.8%    142.251.39.106
   3174900       10583         2.8%       40.99.44.66
   2916000        9720         2.6%      132.76.61.53
   2845800        9486         2.5%    74.112.186.135
   1725000        5750         1.5%   142.250.179.202
   1658100        5527         1.5%     216.58.214.10
   1178400        3928         1.0%   172.217.168.202
   1145100        3817         1.0%       209.197.3.8

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  46269300      154231        41.2%   192.114.101.113
  12376500       41255        11.0%     132.64.81.114
   4337400       14458         3.9%      132.76.61.53
   2847300        9491         2.5%    132.77.104.185
   1884600        6282         1.7%     192.114.3.241
   1583400        5278         1.4%       40.99.44.66
   1520400        5068         1.4%     132.65.240.60
   1460700        4869         1.3%     128.139.16.77
   1432200        4774         1.3%   128.139.225.245
   1122600        3742         1.0%      13.107.136.8

Top-10 Possible Targets by Bytes:
           Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------------
   129.107.255.16       1094                                  69020927700
   129.107.255.16                                             69020927700
                        1094   192.114.101.113                69020927700
                               192.114.101.113                69020927700
                         443     132.64.81.114                17942685300
                                 132.64.81.114                17942685300
  142.250.179.138        443                                  12950125800
  142.250.179.138                                             12950125800
   142.251.39.106        443                                   7746009300
   142.251.39.106                                              7746009300

Further Details:
https://primary.nemo.geant.org/alerts/details/193084/


More information about the Nemo-ddos-list mailing list