[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254131 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Wed Feb 28 15:06:47 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, February 28, 2024 3:06:14 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254131 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254131

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
   129600         432         1.2%    148.153.92.250
    90900         303         0.8%    143.244.33.124
    88800         296         0.8%    143.244.33.125
    84000         280         0.8%    122.10.148.132
    81300         271         0.7%   185.229.188.145
    73800         246         0.7%     138.199.0.215
    72900         243         0.7%     138.199.0.213
    72600         242         0.7%   185.229.188.147
    71100         237         0.7%        4.4.142.58
    58200         194         0.5%       64.31.6.251

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
  3621900       12073        33.2%    128.139.199.8
  1909500        6365        17.5%    128.139.199.2
  1794300        5981        16.4%    128.139.199.3
  1258500        4195        11.5%   132.74.189.190
  1074000        3580         9.8%     132.66.12.15
  1053300        3511         9.6%   132.76.150.126
  1032000        3440         9.5%   132.77.150.140
  1005000        3350         9.2%     132.66.13.71
  1000200        3334         9.2%     192.114.5.81
   996900        3323         9.1%     132.66.13.86

Top-10 Possible Targets by Bytes:
  Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------
                      128.139.199.8                  250650000
                      128.139.199.8                  250633200
                      128.139.199.4                  174607800
                      128.139.199.4                  174607800
                      128.139.199.4                  174259800
                      128.139.199.6                  172311000
                      128.139.199.6       2048       172311000
                      128.139.199.6                  172311000
                      128.139.199.2                  131812800
                      128.139.199.2                  131812800

Further Details:
https://primary.nemo.geant.org/alerts/details/254131/