[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #253765 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Tue Feb 27 14:15:56 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, February 27, 2024 2:05:36 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #253765 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 253765

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total                               Src IP
----------------------------------------------------------------------
  5524200       18414         5.9%                          31.13.84.52
  1237800        4126         1.3%                           31.13.84.4
   840300        2801         0.9%                          31.13.84.51
   743100        2477         0.8%                        163.70.147.63
   561300        1871         0.6%                       74.112.186.128
   549000        1830         0.6%                         132.74.20.45
   513000        1710         0.5%                       157.240.221.63
   485700        1619         0.5%                      128.139.225.245
   461100        1537         0.5%                       209.85.137.254
   460500        1535         0.5%   2a03:2880:f207:c4:face:b00c:0:43fe

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  802380900     2674603       857.1%   192.114.102.100
  589270200     1964234       629.4%     192.114.5.199
  331754700     1105849       354.4%     132.75.251.45
   46170300      153901        49.3%     192.114.5.186
   45151800      150506        48.2%   128.139.197.156
   40359300      134531        43.1%    132.74.189.100
   27222900       90743        29.1%      132.66.7.210
   21314700       71049        22.8%     192.114.5.142
   17761200       59204        19.0%     192.114.5.213
    6731100       22437         7.2%      192.114.3.48

Top-10 Possible Targets by Bytes:
  Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
                      192.114.102.100              1067282779800
                        192.114.5.199               781720337100
                      192.114.102.100               640408521900
                      192.114.102.100               640408521900
                        192.114.5.199               475534048800
                        192.114.5.199               475534048800
                        132.75.251.45               440652587400
                 53   192.114.102.100               424952209200
                      192.114.102.100        443    424124745300
                        192.114.5.199        443    306185125500

Further Details:
https://primary.nemo.geant.org/alerts/details/253765/