[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #187151 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Sep 20 23:38:44 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, September 20, 2023 11:38:40 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #187151 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 187151

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  128486100      428287        12.5%   89.248.163.130
  120973800      403246        11.8%    89.248.165.48
  111676800      372256        10.9%   89.248.165.207
  109751700      365839        10.7%   89.248.165.213
   92093400      306978         9.0%    89.248.165.58
   89500800      298336         8.7%   89.248.165.163
   64195200      213984         6.2%     89.248.165.2
   54863700      182879         5.3%    89.248.165.80
   35394900      117983         3.4%    89.248.165.55
   17781300       59271         1.7%   89.248.163.202

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  17120700       57069         1.7%      132.65.60.73
  13806900       46023         1.3%      132.76.61.53
   9930000       33100         1.0%   128.139.225.245
   6701400       22338         0.7%   192.114.101.113
   6180600       20602         0.6%      13.107.138.8
   5854500       19515         0.6%     192.114.3.241
   5824200       19414         0.6%      132.76.61.54
   3463800       11546         0.3%    132.74.121.228
   3216600       10722         0.3%      52.16.105.95
   2473800        8246         0.2%     132.77.67.198

Top-10 Possible Targets by Bytes:
        Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                      443      132.65.60.73                24936775200
                               132.65.60.73                24936775200
                               132.76.61.53                15318909300
                       80      132.76.61.53                15185402100
  67.43.15.203         80                                  15142070400
  67.43.15.203                                             15142070400
                            128.139.225.245                11110796100
                            192.114.101.113                10027591500
                      443   128.139.225.245                 9347937000
                     1094   192.114.101.113                 8373825900

Further Details:
https://primary.nemo.geant.org/alerts/details/187151/


More information about the Nemo-ddos-list mailing list