[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #196474 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Oct 14 06:55:37 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, October 14, 2023 6:55:31 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #196474 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 196474

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  57794100      192647        47.2%    129.107.255.18
  10490700       34969         8.6%     20.38.118.132
   3668100       12227         3.0%    216.58.204.138
   1929300        6431         1.6%    142.251.209.10
   1804800        6016         1.5%     216.58.205.42
   1725300        5751         1.4%   142.250.179.170
   1716300        5721         1.4%     52.222.144.51
   1477800        4926         1.2%    129.107.255.17
   1281900        4273         1.0%       209.197.3.8
   1271700        4239         1.0%    129.107.255.16

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  60543600      201812        49.4%   192.114.101.113
  10491000       34970         8.6%       132.70.19.4
   4770900       15903         3.9%      132.66.52.85
   2844300        9481         2.3%     132.66.50.195
   2565900        8553         2.1%     132.66.253.21
   2250600        7502         1.8%    132.68.108.108
   1958700        6529         1.6%     128.139.16.77
   1828800        6096         1.5%       132.74.1.32
   1526400        5088         1.2%    132.66.137.254
   1149600        3832         0.9%     132.74.242.91

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                       1094   192.114.101.113                90619585200
                              192.114.101.113                90619585200
  129.107.255.18       1094                                  86508063900
  129.107.255.18                                             86508063900
                        443      132.66.52.85                 5890375200
                                 132.66.52.85                 5890375200
  216.58.204.138        443                                   3551843700
  216.58.204.138                                              3551843700
                        443     132.66.253.21                 3168013500
                                132.66.253.21                 3168013500

Further Details:
https://primary.nemo.geant.org/alerts/details/196474/


More information about the Nemo-ddos-list mailing list