[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #187148 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Sep 20 23:36:00 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, September 20, 2023 11:35:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #187148 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 187148

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  74670000      248900        76.6%    89.248.165.31
   2734200        9114         2.8%      86.48.31.20
   1947300        6491         2.0%     94.102.61.41
    987300        3291         1.0%     94.102.61.44
    913500        3045         0.9%   107.170.236.29
    639900        2133         0.7%    192.241.200.4
    387900        1293         0.4%    94.102.50.103
    301500        1005         0.3%     77.90.185.71
    272700         909         0.3%     45.155.91.23
    263700         879         0.3%     193.35.18.15

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   118800         396         0.1%     132.73.18.28
   101100         337         0.1%     192.114.5.10
    95400         318         0.1%     192.114.1.98
    44700         149         0.0%     132.76.61.53
    41400         138         0.0%    17.252.76.198
    36900         123         0.0%     132.76.61.54
    36600         122         0.0%   192.114.23.221
    34800         116         0.0%    194.63.239.88
    29100          97         0.0%      172.67.24.1
    28800          96         0.0%    132.66.166.68

Top-10 Possible Targets by Bytes:
         Src IP   Src Port         Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  89.248.165.31                                           2986800000
  89.248.165.31      41053                                2551260000
  89.248.165.31      41178                                 435540000
  37.77.186.175        443                                 177015600
  37.77.186.175                                38400       177015600
  37.77.186.175                                            177015600
                       443   132.73.18.28                  177015600
                             132.73.18.28      38400       177015600
                             132.73.18.28                  177015600
                       443   192.114.5.10                  127867500

Further Details:
https://primary.nemo.geant.org/alerts/details/187148/


More information about the Nemo-ddos-list mailing list