[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #197727 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Oct 18 13:48:17 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, October 18, 2023 1:48:10 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #197727 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 197727

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
   726600        2422        25.5%     40.99.213.34
   351000        1170        12.3%     87.248.202.1
   194400         648         6.8%     178.79.208.1
   123900         413         4.3%   52.112.215.159
   108000         360         3.8%      52.97.233.2
    74400         248         2.6%   157.240.221.60
    66300         221         2.3%   46.228.144.128
    62100         207         2.2%     170.72.30.17
    60000         200         2.1%   91.231.239.154
    54000         180         1.9%   157.240.214.18

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   828900        2763        29.0%      132.76.61.54
   212400         708         7.4%    132.66.169.252
   122700         409         4.3%    132.67.180.208
   108000         360         3.8%     132.66.80.214
    79800         266         2.8%   192.114.105.254
    66900         223         2.3%     132.66.62.119
    62100         207         2.2%     132.71.100.41
    61800         206         2.2%    132.71.100.169
    60300         201         2.1%    192.114.91.215
    49500         165         1.7%     132.65.240.60

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
  87.248.202.1         80                                   448665300
  87.248.202.1                                              448665300
                       80   132.66.169.252                  263376000
                            132.66.169.252                  263376000
  178.79.208.1         80                                   249933600
  178.79.208.1                                              249933600
                      443     132.76.61.54                  242550000
                              132.76.61.54                  242550000
  40.99.213.34        443                                   205612500
  40.99.213.34                                              205612500

Further Details:
https://primary.nemo.geant.org/alerts/details/197727/


More information about the Nemo-ddos-list mailing list