[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #246112 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Tue Feb 6 13:21:52 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, February 6, 2024 1:21:45 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #246112 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 246112

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  70171800      233906        62.6%   109.205.213.115
  10263300       34211         9.2%   109.205.213.154
   4005300       13351         3.6%       5.255.99.84
   2403000        8010         2.1%   109.205.213.246
   1861800        6206         1.7%    109.205.213.62
   1381500        4605         1.2%    109.205.213.26
   1153800        3846         1.0%      194.26.29.45
    668400        2228         0.6%     107.170.236.6
    522600        1742         0.5%    94.156.189.228
    485400        1618         0.4%    89.248.163.168

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   179100         597         0.2%   192.114.105.254
   147900         493         0.1%      132.76.61.54
   114900         383         0.1%    192.114.23.221
   102000         340         0.1%      132.70.66.10
   100500         335         0.1%    192.114.91.244
    99900         333         0.1%       132.70.66.9
    94500         315         0.1%      132.70.66.12
    93000         310         0.1%    192.114.91.243
    92100         307         0.1%    192.114.91.245
    91200         304         0.1%    192.114.91.247

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  109.205.213.115      57391                                  2806872000
  109.205.213.115                                             2806872000
  109.205.213.154                                              451584000
  109.205.213.154      57413                                   226814400
  109.205.213.154      57429                                   224769600
      5.255.99.84      54393                                   160212000
      5.255.99.84                                              160212000
                               192.114.23.221                  131490300
                         443   192.114.23.221                  131459100
    23.246.48.170        443                                   131406600

Further Details:
https://primary.nemo.geant.org/alerts/details/246112/