[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254533 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Feb 29 13:15:37 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, February 29, 2024 1:15:33 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254533 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254533

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total                               Src IP
----------------------------------------------------------------------
  8939100       29797         7.0%                          31.13.84.52
  5737200       19124         4.5%   2a03:2880:f207:c4:face:b00c:0:43fe
  3499200       11664         2.7%                           31.13.84.4
  3329400       11098         2.6%                          31.13.84.51
  2315100        7717         1.8%                        163.70.147.63
  2202600        7342         1.7%       2a03:2880:f007:8:face:b00c:0:1
  2006700        6689         1.6%                          31.13.84.15
  1717500        5725         1.3%                       157.240.221.63
  1575000        5250         1.2%                       157.240.195.63
  1439700        4799         1.1%                        163.70.147.23

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  550232700     1834109       431.3%      192.114.5.84
  350135100     1167117       274.5%     132.77.150.17
  188268600      627562       147.6%    132.74.189.250
  151085700      503619       118.4%     132.74.189.71
  123927000      413090        97.1%    132.74.189.237
    7107900       23693         5.6%     192.114.5.151
    7085400       23618         5.6%      132.76.74.55
    6750600       22502         5.3%     132.66.13.128
    6731400       22438         5.3%     192.114.5.195
    3121500       10405         2.4%   128.139.225.245

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                        192.114.5.84               725926309500
                       132.77.150.17               460405012500
                        192.114.5.84               441555504000
                        192.114.5.84               441555504000
                        192.114.5.84        443    284087723700
                 53     192.114.5.84               284053620900
                       132.77.150.17               282035065200
                       132.77.150.17               282035065200
                      132.74.189.250               243811398300
                       132.74.189.71               198189366900

Further Details:
https://primary.nemo.geant.org/alerts/details/254533/


More information about the Nemo-ddos-list mailing list