[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254123 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Feb 28 15:45:56 IST 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, February 28, 2024 3:06:08 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254123 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 254123
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
------------------------------------------------------
8662500 28875 28.6% 137.74.17.22
632100 2107 2.1% 128.139.199.2
506700 1689 1.7% 104.156.155.4
475200 1584 1.6% 89.248.163.168
450900 1503 1.5% 94.156.189.228
406500 1355 1.3% 89.248.165.212
405900 1353 1.3% 79.110.62.92
360300 1201 1.2% 104.156.155.9
336600 1122 1.1% 80.82.77.144
334800 1116 1.1% 2603:1026:2405::2d
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-------------------------------------------------------------------------
41894100 139647 138.3% 128.139.199.2
39570300 131901 130.6% 132.74.123.113
334800 1116 1.1% 2001:bf8:200:390:b96e:2159:1b84:ee13
213000 710 0.7% 192.114.105.254
201900 673 0.7% 17.253.122.201
154500 515 0.5% 132.76.61.53
149100 497 0.5% 192.114.5.10
132300 441 0.4% 132.76.61.54
129900 433 0.4% 192.114.91.243
104400 348 0.3% 132.70.66.13
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-----------------------------------------------------------------------------------------------
128.139.199.2 2686554000
128.139.199.2 443 2680365600
132.74.123.113 443 2532499200
132.74.123.113 2532499200
2603:1026:2405::2d 443 426498900
2603:1026:2405::2d 55073 426498900
2603:1026:2405::2d 426498900
443 2001:bf8:200:390:b96e:2159:1b84:ee13 426498900
2001:bf8:200:390:b96e:2159:1b84:ee13 55073 426498900
2001:bf8:200:390:b96e:2159:1b84:ee13 426498900
Further Details:
https://primary.nemo.geant.org/alerts/details/254123/
More information about the Nemo-ddos-list
mailing list