[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #190549 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Sep 27 21:35:30 IDT 2023




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, September 27, 2023 9:35:26 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #190549 CRIT: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 190549

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  29040600       96802        34.7%    103.134.145.31
  21766500       72555        26.0%    139.180.129.34
   3789300       12631         4.5%    103.134.145.71
   2069100        6897         2.5%      94.102.61.50
   1953000        6510         2.3%      94.102.61.38
   1938000        6460         2.3%     144.22.195.95
   1937100        6457         2.3%   139.180.138.223
    878100        2927         1.0%    192.241.225.27
    835200        2784         1.0%    165.227.32.227
    813900        2713         1.0%      165.22.10.75

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   268800         896         0.3%      132.71.23.6
   258300         861         0.3%     132.71.17.88
   254100         847         0.3%   132.71.220.147
   251100         837         0.3%   132.70.226.244
   250200         834         0.3%   132.69.237.139
   243300         811         0.3%   132.70.125.180
   241200         804         0.3%    132.71.229.94
   237600         792         0.3%    132.71.86.146
   233700         779         0.3%   132.70.255.247
   228900         763         0.3%     132.71.95.16

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  103.134.145.31                                             1858598400
  139.180.129.34                                             1393056000
  103.134.145.31                                  25565       435379200
  103.134.145.31                                  30120       365587200
  157.240.221.10        443                                   348722100
  157.240.221.10                                  57919       348722100
  157.240.221.10                                              348722100
                        443   132.69.237.139                  348722100
                              132.69.237.139      57919       348722100
                              132.69.237.139                  348722100

Further Details:
https://primary.nemo.geant.org/alerts/details/190549/


More information about the Nemo-ddos-list mailing list