[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #188289 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Sep 23 04:11:34 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, September 23, 2023 4:11:23 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #188289 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 188289

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  4755300       15851        10.3%      52.17.98.131
  2511000        8370         5.4%       86.48.31.20
  1187100        3957         2.6%    195.160.220.98
  1185000        3950         2.6%   195.160.220.107
  1182600        3942         2.6%   195.160.220.104
  1176600        3922         2.5%     84.16.251.143
  1169400        3898         2.5%    195.160.220.48
  1160100        3867         2.5%     84.16.251.186
  1156500        3855         2.5%       37.48.77.89
  1153200        3844         2.5%    195.160.220.96

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
    87000         290         0.2%      192.114.1.98
    56400         188         0.1%   185.199.111.133
    51900         173         0.1%     162.125.64.22
    43200         144         0.1%      132.76.61.53
    36600         122         0.1%      132.76.61.54
    33300         111         0.1%    52.233.133.164
    31800         106         0.1%     104.22.49.147
    24900          83         0.1%       172.67.24.1
    22200          74         0.0%    132.64.194.190
    21600          72         0.0%     132.64.117.75

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
     52.17.98.131                                      190215600
      86.48.31.20                             22       114143400
      86.48.31.20                                      114143400
   195.160.220.98                           2077        47484000
   195.160.220.98                                       47484000
  195.160.220.107                          20000        47400000
  195.160.220.107                                       47400000
  195.160.220.104                           2050        47304000
  195.160.220.104                                       47304000
    84.16.251.143                          32769        47064000

Further Details:
https://primary.nemo.geant.org/alerts/details/188289/


More information about the Nemo-ddos-list mailing list