[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #194211 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Oct 7 18:40:03 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, October 7, 2023 6:39:58 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #194211 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 194211

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  14697600       48992         9.0%    52.218.232.26
   6136800       20456         3.7%    52.92.194.225
   5451300       18171         3.3%     52.92.240.97
   5086200       16954         3.1%    52.92.136.145
   4506900       15023         2.7%    52.92.195.145
   4457400       14858         2.7%   52.218.169.147
   4377300       14591         2.7%    52.92.136.169
   4096500       13655         2.5%     52.92.128.97
   3954900       13183         2.4%   52.218.201.146
   3885300       12951         2.4%    52.92.152.185

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
  9520500       31735         5.8%   132.76.220.213
  6887700       22959         4.2%    132.76.220.75
  6414000       21380         3.9%   132.76.221.251
  5455800       18186         3.3%     132.76.10.41
  5215800       17386         3.2%    132.76.214.82
  4877700       16259         3.0%   132.76.214.128
  4235100       14117         2.6%   132.76.221.157
  4009500       13365         2.4%     132.66.52.85
  3860700       12869         2.4%   132.76.214.104
  3454800       11516         2.1%    132.76.223.78

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  52.218.232.26        443                                 21625425000
  52.218.232.26                                            21625425000
                       443   132.76.220.213                13997623800
                             132.76.220.213                13997623800
                       443    132.76.220.75                10133394000
                              132.76.220.75                10133394000
                       443   132.76.221.251                 9431158200
                             132.76.221.251                 9431158200
  52.92.194.225        443                                  9032244600
  52.92.194.225                                             9032244600

Further Details:
https://primary.nemo.geant.org/alerts/details/194211/


More information about the Nemo-ddos-list mailing list