[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #197007 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Oct 15 15:01:32 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, October 15, 2023 3:01:23 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #197007 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 197007

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total                               Src IP
----------------------------------------------------------------------
  1543500        5145         3.7%                          31.13.84.15
   841500        2805         2.0%                           31.13.84.4
   760200        2534         1.8%                          31.13.84.52
   696900        2323         1.7%                       142.251.209.46
   649500        2165         1.6%                       157.240.221.16
   507900        1693         1.2%                        52.112.225.33
   488400        1628         1.2%                       209.85.137.254
   480300        1601         1.2%                          31.13.84.51
   470700        1569         1.1%                        163.70.147.23
   427500        1425         1.0%   2a03:2880:f258:cb:face:b00c:0:43fe

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  52212000      174040       126.2%     192.114.5.114
   2417100        8057         5.8%   128.139.225.245
   1349400        4498         3.3%    192.114.23.221
    824400        2748         2.0%     192.114.3.241
    651600        2172         1.6%     132.64.158.35
    507000        1690         1.2%      128.139.35.5
    468600        1562         1.1%    128.139.34.240
    406800        1356         1.0%    132.68.237.250
    401700        1339         1.0%    192.114.91.239
    363600        1212         0.9%    192.114.91.213

Top-10 Possible Targets by Bytes:
       Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                             192.114.5.114                68126741100
                             192.114.5.114                40843245300
                             192.114.5.114                40843245300
                             192.114.5.114       8010     27283399800
                      53     192.114.5.114                27276745800
                           128.139.225.245                 2080974000
  31.13.84.15        443                                   1908464400
  31.13.84.15                                              1908464400
                     443   128.139.225.245                 1217109600
                            192.114.23.221                 1181820300

Further Details:
https://primary.nemo.geant.org/alerts/details/197007/


More information about the Nemo-ddos-list mailing list