[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254536 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Thu Feb 29 13:27:38 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, February 29, 2024 1:27:32 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254536 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254536

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  2858700        9529        10.4%   124.221.186.26
   827100        2757         3.0%     94.156.64.72
   694800        2316         2.5%    94.156.71.105
   674700        2249         2.4%   104.156.155.14
   597900        1993         2.2%    39.105.169.11
   587700        1959         2.1%   132.74.189.252
   543900        1813         2.0%      94.156.71.4
   511800        1706         1.9%   89.248.163.168
   473400        1578         1.7%   94.156.189.228
   442800        1476         1.6%   89.248.165.212

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  161922000      539740       586.6%     192.114.5.216
  149613900      498713       542.0%    132.74.189.252
  122000400      406668       441.9%     192.114.5.107
     540000        1800         2.0%      192.114.5.10
     226200         754         0.8%   192.114.105.254
     167100         557         0.6%     132.76.10.107
     144900         483         0.5%      132.76.61.53
     144600         482         0.5%      132.76.61.54
     130200         434         0.5%    192.114.91.249
     120900         403         0.4%      132.68.40.43

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                             192.114.5.216        443     10363008000
                             192.114.5.216                10363008000
                            132.74.189.252        443      9575289600
                            132.74.189.252                 9575289600
                             192.114.5.107        443      7808025600
                             192.114.5.107                 7808025600
                             132.76.10.107                  208793700
  154.85.69.20         80                                   185117100
  154.85.69.20                                  25383       185117100
  154.85.69.20                                              185117100

Further Details:
https://primary.nemo.geant.org/alerts/details/254536/