[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254531 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Feb 29 13:24:35 IST 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, February 29, 2024 1:24:29 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254531 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254531

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  64712700      215709         7.4%    129.107.255.17
  13956900       46523         1.6%   142.250.180.138
  12174900       40583         1.4%     162.125.69.12
  11449200       38164         1.3%       31.13.84.51
  11249100       37497         1.3%       31.13.84.52
  10358400       34528         1.2%    129.107.255.18
  10220700       34069         1.2%     216.58.209.42
  10137900       33793         1.2%    216.58.204.142
   7301400       24338         0.8%     52.222.144.51
   6882900       22943         0.8%    52.222.144.118

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  551054700     1836849        63.2%      192.114.5.84
  461375400     1537918        52.9%    132.74.189.250
  350718300     1169061        40.2%     132.77.150.17
  151345500      504485        17.4%     132.74.189.71
  124125000      413750        14.2%    132.74.189.237
   78561600      261872         9.0%        132.74.6.1
   75094200      250314         8.6%   192.114.101.113
   13246800       44156         1.5%       132.66.43.6
   11410800       38036         1.3%   128.139.225.245
   11309400       37698         1.3%   192.114.105.254

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                        192.114.5.84               723107664000
                      132.74.189.250               628821078600
                      132.74.189.250               532987676400
                      132.74.189.250               532950173700
                       132.77.150.17               460411933500
                        192.114.5.84               437631009900
                        192.114.5.84               437564436900
                       132.77.150.17               282055344300
                       132.77.150.17               282005362200
                        192.114.5.84        443    278019756000

Further Details:
https://primary.nemo.geant.org/alerts/details/254531/


More information about the Nemo-ddos-list mailing list