[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #187150 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Sep 20 23:36:43 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, September 20, 2023 11:36:39 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #187150 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 187150

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  127804500      426015        37.5%    89.248.165.31
    9860100       32867         2.9%    132.74.74.113
    8562300       28541         2.5%   89.248.165.207
    8171100       27237         2.4%   178.159.42.216
    6199800       20666         1.8%     67.43.15.203
    5633400       18778         1.7%     13.107.138.8
    4326600       14422         1.3%   129.107.255.17
    3796800       12656         1.1%    192.114.3.241
    3725700       12419         1.1%     192.114.2.49
    3426900       11423         1.0%    142.251.36.10

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  23470200       78234         6.9%      132.65.60.73
  14208600       47362         4.2%      13.107.138.8
   9697200       32324         2.8%      132.76.61.53
   9556200       31854         2.8%   128.139.225.245
   7563900       25213         2.2%   192.114.101.113
   4436100       14787         1.3%     192.114.3.241
   4256700       14189         1.3%     128.139.16.77
   3154200       10514         0.9%    132.66.150.114
   3135300       10451         0.9%      52.16.105.95
   3081600       10272         0.9%       192.111.5.0

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                       443      132.65.60.73                34226492400
                                132.65.60.73                34226492400
                                13.107.138.8        443     18374268900
                                13.107.138.8                18374268900
  132.74.74.113                                     443     14446410000
  132.74.74.113                                             14446410000
                      1094   192.114.101.113                11300085900
                             192.114.101.113                11300085900
                             128.139.225.245                10549897500
                                132.76.61.53                 9586932000

Further Details:
https://primary.nemo.geant.org/alerts/details/187150/


More information about the Nemo-ddos-list mailing list