[NeMo-DDoS-List] [Geant NeMo] Analysis for Alert #252552 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Info Sec
infosec at tauex.tau.ac.il
Sun Feb 25 10:24:52 IST 2024
היי אנק בוקר אור,
תודה רבה על הדיווח הנושא בטיפול,
המשך יום נעים.
איתי בולנדי
ארכיטקט אבטחת מידע וסייבר, אגף למחשוב וטכנולוגיות מידע
משרד: 03-6408306 | פקס: 03-6405158
דוא"ל: itaybo at tauex.tau.ac.il | אתר: http://www.tau.ac.il
-----Original Message-----
From: Nemo-ddos-list <nemo-ddos-list-bounces at nocvm.ilan.net.il> On Behalf Of Hank Nussbacher
Sent: Saturday, February 24, 2024 9:32 AM
To: Nemo-ddos-list at nocvm.ilan.net.il
Subject: [NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #252552 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, February 24, 2024 9:31:54 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #252552 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 252552
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
--------------------------------------------------
8878800 29596 15.7% 137.74.17.22
5876400 19588 10.4% 192.3.154.43
4220700 14069 7.5% 104.152.52.207
2098800 6996 3.7% 104.152.52.244
2096700 6989 3.7% 104.152.52.240
2086500 6955 3.7% 104.152.52.108
2079900 6933 3.7% 104.152.52.125
2069100 6897 3.7% 104.152.52.184
2065500 6885 3.7% 104.152.52.231
2065200 6884 3.7% 104.152.52.198
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
38400 128 0.1% 128.139.200.4
34500 115 0.1% 132.76.61.53
32400 108 0.1% 132.76.61.54
30000 100 0.1% 132.74.73.84
16800 56 0.0% 132.64.17.11
15000 50 0.0% 128.139.225.245
12600 42 0.0% 132.75.62.143
12000 40 0.0% 128.139.197.119
11400 38 0.0% 132.74.117.59
10500 35 0.0% 192.114.1.187
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
137.74.17.22 45871 355152000
137.74.17.22 355152000
192.3.154.43 42621 235056000
192.3.154.43 235056000
104.152.52.207 168828000
104.152.52.207 58953 84540000
104.152.52.207 58991 84288000
104.152.52.244 58997 83952000
104.152.52.244 83952000
104.152.52.240 59034 83868000
Further Details:
https://primary.nemo.geant.org/alerts/details/252552/
--
Nemo-ddos-list mailing list
Nemo-ddos-list at nocvm.ilan.net.il
https://nocvm.iucc.ac.il/cgi-bin/mailman/listinfo/nemo-ddos-list
More information about the Nemo-ddos-list
mailing list