[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #194209 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Oct 7 18:40:31 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, October 7, 2023 6:40:26 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #194209 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 194209

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  40857000      136190        18.4%   162.250.121.54
  14697600       48992         6.6%    52.218.232.26
   6136800       20456         2.8%    52.92.194.225
   5451300       18171         2.5%     52.92.240.97
   5086200       16954         2.3%    52.92.136.145
   4506900       15023         2.0%    52.92.195.145
   4457400       14858         2.0%   52.218.169.147
   4377300       14591         2.0%    52.92.136.169
   4096500       13655         1.8%     52.92.128.97
   3954900       13183         1.8%   52.218.201.146

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  9520500       31735         4.3%    132.76.220.213
  6887700       22959         3.1%     132.76.220.75
  6414000       21380         2.9%    132.76.221.251
  5495400       18318         2.5%      132.76.10.41
  5215800       17386         2.4%     132.76.214.82
  4877700       16259         2.2%    132.76.214.128
  4831200       16104         2.2%   128.139.225.245
  4235100       14117         1.9%    132.76.221.157
  4009500       13365         1.8%      132.66.52.85
  3860700       12869         1.7%    132.76.214.104

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  52.218.232.26        443                                 21625425000
  52.218.232.26                                            21625425000
                       443   132.76.220.213                13997623800
                             132.76.220.213                13997623800
                       443    132.76.220.75                10133394000
                              132.76.220.75                10133394000
                       443   132.76.221.251                 9431158200
                             132.76.221.251                 9431158200
  52.92.194.225        443                                  9032244600
  52.92.194.225                                             9032244600

Further Details:
https://primary.nemo.geant.org/alerts/details/194209/


More information about the Nemo-ddos-list mailing list