[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #194083 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Oct 7 07:18:07 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, October 7, 2023 7:18:01 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #194083 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 194083

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  18850200       62834        26.0%   162.250.121.54
   6939900       23133         9.6%     52.17.98.131
   1490700        4969         2.1%     45.9.149.127
   1194000        3980         1.7%   195.160.220.44
   1178100        3927         1.6%   195.160.220.25
   1177800        3926         1.6%   195.160.220.28
   1173000        3910         1.6%      79.133.57.2
   1172100        3907         1.6%   195.160.220.23
   1171200        3904         1.6%   195.160.220.62
   1169700        3899         1.6%     79.133.57.14

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
    97800         326         0.1%     192.114.1.98
    30300         101         0.0%     132.76.61.54
    29700          99         0.0%      172.67.24.1
    28500          95         0.0%    104.22.49.147
    26700          89         0.0%     132.76.61.53
    24300          81         0.0%   135.148.151.29
    22800          76         0.0%   103.73.219.236
    21300          71         0.0%    104.22.48.147
    19800          66         0.0%    132.66.251.11
    18900          63         0.0%     132.64.49.44

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
  162.250.121.54      51204                           754008000
  162.250.121.54                                      754008000
    52.17.98.131                                      277598400
    45.9.149.127                                       59628000
    45.9.149.127      51048                            54600000
  195.160.220.44                             94        46944000
  195.160.220.44                                       46944000
     79.133.57.2                             88        46920000
     79.133.57.2                                       46920000
  195.160.220.23                             99        46884000

Further Details:
https://primary.nemo.geant.org/alerts/details/194083/


More information about the Nemo-ddos-list mailing list