[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254133 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Feb 28 16:15:57 IST 2024

________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, February 28, 2024 2:58:03 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254133 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254133

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  8494500       28315        20.0%     137.74.17.22
  3486900       11623         8.2%    128.139.199.8
  1994100        6647         4.7%     132.66.13.86
  1834200        6114         4.3%    128.139.199.2
  1777800        5926         4.2%    128.139.199.3
   949200        3164         2.2%    138.68.208.32
   622800        2076         1.5%   107.170.252.15
   617100        2057         1.5%    104.156.155.4
   507300        1691         1.2%   94.156.189.228
   489000        1630         1.2%   89.248.163.168

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  78397800      261326       184.8%    128.139.199.8
  42549600      141832       100.3%     192.114.5.81
  41925600      139752        98.8%     192.114.5.89
  41702400      139008        98.3%    128.139.199.2
  41226300      137421        97.2%   132.77.150.140
  40503300      135011        95.5%    192.114.5.185
  40453200      134844        95.3%   132.76.150.126
  40413300      134711        95.2%    192.114.5.237
  39995400      133318        94.3%     132.66.12.15
  39970500      133235        94.2%    128.139.199.3

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                       128.139.199.8        443      5016237600
                       128.139.199.8                 5016237600
                        192.114.5.81        443      2723174400
                        192.114.5.81                 2723174400
                        192.114.5.89        443      2683238400
                        192.114.5.89                 2683238400
                       128.139.199.2                 2670596400
                       128.139.199.2        443      2667686400
                      132.77.150.140        443      2638483200
                      132.77.150.140                 2638483200

Further Details:
https://primary.nemo.geant.org/alerts/details/254133/


