[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254576 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Feb 29 17:04:16 IST 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, February 29, 2024 5:04:08 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254576 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254576

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
   972900        3243         4.2%    51.68.254.173
   702600        2342         3.1%    185.242.226.5
   658200        2194         2.9%   104.156.155.14
   483000        1610         2.1%   94.156.189.228
   464400        1548         2.0%   89.248.163.168
   416100        1387         1.8%   89.248.165.212
   411000        1370         1.8%     79.110.62.92
   308700        1029         1.3%     91.92.253.26
   225000         750         1.0%   194.28.115.243
   187200         624         0.8%   183.136.225.42

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  117249300      390831       509.5%       192.114.3.1
  109763100      365877       477.0%     192.114.5.205
     972900        3243         4.2%     132.66.149.13
     137700         459         0.6%      192.114.5.10
     131700         439         0.6%   192.114.105.254
     123000         410         0.5%    192.114.91.243
     116400         388         0.5%      132.76.61.53
     113700         379         0.5%      132.76.61.54
     110400         368         0.5%      52.84.151.62
      81600         272         0.4%    192.114.23.221

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                               192.114.3.1        443      7503955200
                               192.114.3.1                 7503955200
                             192.114.5.205        443      7024838400
                             192.114.5.205                 7024838400
  51.68.254.173        443                                 1206396000
  51.68.254.173                                 55326      1206396000
  51.68.254.173                                            1206396000
                       443   132.66.149.13                 1206396000
                             132.66.149.13      55326      1206396000
                             132.66.149.13                 1206396000

Further Details:
https://primary.nemo.geant.org/alerts/details/254576/

