[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #197731 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Oct 18 13:48:40 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, October 18, 2023 1:48:32 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #197731 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 197731

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
   726600        2422        14.3%     40.99.213.34
   715200        2384        14.1%   118.123.105.93
   351000        1170         6.9%     87.248.202.1
   194400         648         3.8%     178.79.208.1
   165300         551         3.3%   157.240.221.63
   140400         468         2.8%    163.70.147.23
   123900         413         2.4%   52.112.215.159
   116400         388         2.3%   157.240.221.16
   108000         360         2.1%      52.97.233.2
   107400         358         2.1%   157.240.214.63

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   829200        2764        16.3%      132.76.61.54
   212400         708         4.2%    132.66.169.252
   122700         409         2.4%    132.67.180.208
   108000         360         2.1%     132.66.80.214
   104100         347         2.0%     132.76.10.245
   101100         337         2.0%    192.114.91.244
    96600         322         1.9%      128.139.35.5
    90000         300         1.8%    192.114.91.246
    83400         278         1.6%    128.139.34.240
    80400         268         1.6%   192.114.105.254

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
  87.248.202.1         80                                   448665300
  87.248.202.1                                              448665300
                       80   132.66.169.252                  263376000
                            132.66.169.252                  263376000
                      443     132.76.61.54                  242562000
                              132.76.61.54                  242562000
  178.79.208.1         80                                   239336400
  178.79.208.1                                              239336400
  40.99.213.34        443                                   205612500
  40.99.213.34                                              205612500

Further Details:
https://primary.nemo.geant.org/alerts/details/197731/


More information about the Nemo-ddos-list mailing list