[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #236853 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jan 16 17:53:37 IST 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, January 16, 2024 5:53:33 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #236853 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 236853

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  42055500      140185        57.4%     79.124.62.82
  11817000       39390        16.1%   104.156.155.14
    797700        2659         1.1%   198.199.107.93
    663000        2210         0.9%    162.243.135.4
    536100        1787         0.7%   94.156.189.228
    498300        1661         0.7%   89.248.163.168
    457500        1525         0.6%   89.248.165.212
    429300        1431         0.6%    62.204.41.170
    351600        1172         0.5%   162.254.196.24
    350700        1169         0.5%   107.170.224.30

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   351600        1172         0.5%     132.64.244.21
   155400         518         0.2%    193.236.39.153
   106500         355         0.1%   192.114.105.254
    88200         294         0.1%    192.114.91.249
    73200         244         0.1%      132.76.61.54
    69300         231         0.1%      132.76.61.53
    68400         228         0.1%    132.76.214.164
    62400         208         0.1%    192.114.91.243
    61800         206         0.1%    192.114.91.245
    61800         206         0.1%    192.114.91.248

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
    79.124.62.82      59323                                 1682220000
    79.124.62.82                                            1682220000
  162.254.196.24        443                                  527400000
  162.254.196.24                                 10400       527400000
  162.254.196.24                                             527400000
                        443   132.64.244.21                  527400000
                              132.64.244.21      10400       527400000
                              132.64.244.21                  527400000
  104.156.155.14      53408                                  472680000
  104.156.155.14                                             472680000

Further Details:
https://primary.nemo.geant.org/alerts/details/236853/


More information about the Nemo-ddos-list mailing list