[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #194210 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Oct 7 18:40:30 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, October 7, 2023 6:40:25 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #194210 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 194210

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  40857000      136190        19.1%   162.250.121.54
  14697600       48992         6.9%    52.218.232.26
   6136800       20456         2.9%    52.92.194.225
   5451300       18171         2.5%     52.92.240.97
   5086200       16954         2.4%    52.92.136.145
   4506900       15023         2.1%    52.92.195.145
   4457400       14858         2.1%   52.218.169.147
   4377300       14591         2.0%    52.92.136.169
   4096500       13655         1.9%     52.92.128.97
   3954900       13183         1.8%   52.218.201.146

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
  9520500       31735         4.4%   132.76.220.213
  6887700       22959         3.2%    132.76.220.75
  6414000       21380         3.0%   132.76.221.251
  5456100       18187         2.5%     132.76.10.41
  5215800       17386         2.4%    132.76.214.82
  4877700       16259         2.3%   132.76.214.128
  4235100       14117         2.0%   132.76.221.157
  4009500       13365         1.9%     132.66.52.85
  3860700       12869         1.8%   132.76.214.104
  3454800       11516         1.6%    132.76.223.78

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  52.218.232.26        443                                 21625425000
  52.218.232.26                                            21625425000
                       443   132.76.220.213                13997623800
                             132.76.220.213                13997623800
                       443    132.76.220.75                10133394000
                              132.76.220.75                10133394000
                       443   132.76.221.251                 9431158200
                             132.76.221.251                 9431158200
  52.92.194.225        443                                  9032244600
  52.92.194.225                                             9032244600

Further Details:
https://primary.nemo.geant.org/alerts/details/194210/


More information about the Nemo-ddos-list mailing list