[NeMo-DDoS-List] [Geant NeMo] Analysis for Alert #248592 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Info Sec
infosec at tauex.tau.ac.il
Wed Feb 14 08:13:29 IST 2024
היי בוקר אור הנק,
זה בטיפול,
המשך יום נעים.
איתי בולנדי
ארכיטקט אבטחת מידע וסייבר, אגף למחשוב וטכנולוגיות מידע
משרד: 03-6408306 | פקס: 03-6405158
דוא"ל: itaybo at tauex.tau.ac.il | אתר: http://www.tau.ac.il
-----Original Message-----
From: Nemo-ddos-list <nemo-ddos-list-bounces at nocvm.ilan.net.il> On Behalf Of Hank Nussbacher
Sent: Tuesday, February 13, 2024 6:42 PM
To: Nemo-ddos-list at nocvm.ilan.net.il
Subject: [NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #248592 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, February 13, 2024 6:42:09 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #248592 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 248592
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
10656600 35522 13.9% 198.144.159.105
8475000 28250 11.1% 137.74.17.22
5601600 18672 7.3% 199.19.95.83
5206500 17355 6.8% 198.144.159.129
5111700 17039 6.7% 192.3.154.43
4946400 16488 6.5% 199.167.138.161
4136700 13789 5.4% 104.255.152.65
3787500 12625 5.0% 108.181.4.185
3415200 11384 4.5% 108.181.4.173
2910300 9701 3.8% 208.87.243.55
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
90300 301 0.1% 192.114.105.254
74400 248 0.1% 128.139.225.245
54900 183 0.1% 132.76.61.54
42600 142 0.1% 132.66.253.21
41700 139 0.1% 132.76.61.53
40200 134 0.1% 192.114.23.237
36600 122 0.0% 192.114.91.245
35400 118 0.0% 192.114.91.248
35400 118 0.0% 132.70.66.14
33300 111 0.0% 132.70.66.10
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------
198.144.159.105 40688 426264000
198.144.159.105 426264000
137.74.17.22 56704 339000000
137.74.17.22 339000000
199.19.95.83 40924 224064000
199.19.95.83 224064000
198.144.159.129 40935 208260000
198.144.159.129 208260000
192.3.154.43 51785 204468000
192.3.154.43 204468000
Further Details:
https://primary.nemo.geant.org/alerts/details/248592/
--
Nemo-ddos-list mailing list
Nemo-ddos-list at nocvm.ilan.net.il
https://nocvm.iucc.ac.il/cgi-bin/mailman/listinfo/nemo-ddos-list
More information about the Nemo-ddos-list
mailing list