[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #193809 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Oct 6 16:35:21 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, October 6, 2023 4:35:17 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #193809 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 193809

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  17566800       58556         9.2%    52.218.246.27
   6937800       23126         3.6%    52.92.144.185
   6717000       22390         3.5%     94.102.61.38
   6643500       22145         3.5%   52.218.252.171
   5928900       19763         3.1%     52.92.144.89
   5524800       18416         2.9%   52.218.220.107
   5394000       17980         2.8%     52.218.238.3
   5295000       17650         2.8%     52.218.220.3
   4465500       14885         2.3%   52.218.229.115
   4434900       14783         2.3%    52.92.130.137

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
  5436300       18121         2.9%    132.76.223.77
  5341200       17804         2.8%   132.76.221.250
  4820400       16068         2.5%   132.76.214.126
  4530300       15101         2.4%   132.76.214.146
  4014000       13380         2.1%   132.76.214.125
  3977100       13257         2.1%    132.72.84.207
  3801000       12670         2.0%   132.76.214.132
  3684900       12283         1.9%   132.76.214.123
  3574500       11915         1.9%   132.76.221.174
  3424800       11416         1.8%   132.76.220.237

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
   52.218.246.27        443                         25845235500
   52.218.246.27                                    25845235500
   52.92.144.185        443                         10203166200
   52.92.144.185                                    10203166200
  52.218.252.171        443                          9774294900
  52.218.252.171                                     9774294900
    52.92.144.89        443                          8722910700
    52.92.144.89                                     8722910700
  52.218.220.107        443                          8130023700
  52.218.220.107                                     8130023700

Further Details:
https://primary.nemo.geant.org/alerts/details/193809/


More information about the Nemo-ddos-list mailing list