[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #197728 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Oct 18 13:48:33 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, October 18, 2023 1:48:29 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #197728 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 197728

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
   726600        2422        17.7%     40.99.213.34
   715200        2384        17.5%   118.123.105.93
   351000        1170         8.6%     87.248.202.1
   194400         648         4.7%     178.79.208.1
   123900         413         3.0%   52.112.215.159
   108000         360         2.6%      52.97.233.2
    74400         248         1.8%   157.240.221.60
    71400         238         1.7%   183.136.225.42
    69300         231         1.7%    39.106.39.193
    69300         231         1.7%   23.236.174.242

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   829200        2764        20.2%      132.76.61.54
   212400         708         5.2%    132.66.169.252
   122700         409         3.0%    132.67.180.208
   108000         360         2.6%     132.66.80.214
    79800         266         1.9%   192.114.105.254
    66900         223         1.6%     132.66.62.119
    62100         207         1.5%     132.71.100.41
    61800         206         1.5%    132.71.100.169
    60300         201         1.5%    192.114.91.215
    50400         168         1.2%     132.65.240.60

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
  87.248.202.1         80                                   448665300
  87.248.202.1                                              448665300
                       80   132.66.169.252                  263376000
                            132.66.169.252                  263376000
  178.79.208.1         80                                   249933600
  178.79.208.1                                              249933600
                      443     132.76.61.54                  242562000
                              132.76.61.54                  242562000
  40.99.213.34        443                                   205612500
  40.99.213.34                                              205612500

Further Details:
https://primary.nemo.geant.org/alerts/details/197728/


More information about the Nemo-ddos-list mailing list