[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254636 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Thu Feb 29 17:47:24 IST 2024



________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, February 29, 2024 5:47:16 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254636 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254636

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  3901800       13006        12.2%    185.242.226.54
  3127800       10426         9.8%    31.192.111.224
  1987200        6624         6.2%     185.242.226.2
   938100        3127         2.9%   198.199.111.200
   934500        3115         2.9%    192.241.204.82
   673800        2246         2.1%    104.156.155.14
   522900        1743         1.6%    94.156.189.228
   489600        1632         1.5%    89.248.163.168
   455400        1518         1.4%    192.241.211.44
   438300        1461         1.4%    89.248.165.212

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  161469000      538230       504.7%      192.114.5.39
  157419900      524733       492.0%      192.114.5.58
   48731100      162437       152.3%      192.114.3.33
     338700        1129         1.1%      192.114.5.10
     234600         782         0.7%      128.139.7.33
     105600         352         0.3%   192.114.105.254
      78600         262         0.2%      132.76.61.54
      73800         246         0.2%      132.76.61.53
      57000         190         0.2%    132.64.244.237
      51600         172         0.2%      132.70.66.13

Top-10 Possible Targets by Bytes:
          Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                              192.114.5.39        443     10333862400
                              192.114.5.39                10333862400
                              192.114.5.58        443     10074873600
                              192.114.5.58                10074873600
                              192.114.3.33        443      3118790400
                              192.114.3.33                 3118790400
  185.242.226.54                                            171679200
  31.192.111.224      40519                                 125112000
  31.192.111.224                                            125112000
   185.242.226.2                                             87436800

Further Details:
https://primary.nemo.geant.org/alerts/details/254636/