[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #202034 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Oct 26 14:13:17 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, October 26, 2023 2:13:11 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #202034 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 202034

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  19142700       63809         5.2%   142.250.186.155
  16971000       56570         4.6%    142.250.186.91
  14463300       48211         4.0%     172.217.18.27
  12812100       42707         3.5%   142.250.181.251
  12323700       41079         3.4%   142.250.186.187
  12285600       40952         3.4%   172.217.168.202
  11262300       37541         3.1%   142.250.185.187
  10899600       36332         3.0%   142.250.185.123
   9156900       30523         2.5%    172.217.23.123
   6893100       22977         1.9%   142.250.184.219

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total           Dst IP
----------------------------------------------------
  134836500      449455        36.9%   132.76.220.214
   12998100       43327         3.6%     132.71.20.87
   10497300       34991         2.9%    132.74.242.32
    7937100       26457         2.2%    128.139.200.4
    7052700       23509         1.9%     132.76.61.53
    6755700       22519         1.9%    132.66.253.21
    6618900       22063         1.8%     132.76.61.54
    4838700       16129         1.3%    128.139.200.5
    4661400       15538         1.3%    192.114.3.241
    4034400       13448         1.1%    132.64.165.32

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                         443   132.76.220.214               194654726100
                               132.76.220.214               194654726100
  142.250.186.155        443                                 27629023500
  142.250.186.155                                            27629023500
   142.250.186.91        443                                 24596026800
   142.250.186.91                                            24596026800
    172.217.18.27        443                                 20880870000
    172.217.18.27                                            20880870000
                                 132.71.20.87                19035214500
                         443     132.71.20.87                19025764500

Further Details:
https://primary.nemo.geant.org/alerts/details/202034/


More information about the Nemo-ddos-list mailing list