[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #302016 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Jul 5 19:48:47 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, July 5, 2024 7:48:41 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #302016 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 302016

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  4162800       13876         8.1%   104.152.52.221
  2130600        7102         4.1%   104.152.52.125
  2110500        7035         4.1%   104.152.52.142
  2081700        6939         4.0%   104.152.52.114
  2081400        6938         4.0%   104.152.52.229
  2046300        6821         4.0%   104.152.52.131
  2041200        6804         4.0%   104.152.52.120
  1423800        4746         2.8%   193.36.224.160
  1419600        4732         2.8%   104.152.52.207
  1310700        4369         2.5%   104.152.52.228

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   576300        1921         1.1%    192.114.91.244
    55800         186         0.1%   128.139.225.245
    45600         152         0.1%      132.76.61.54
    42600         142         0.1%      3.160.185.69
    40800         136         0.1%     192.114.3.241
    39000         130         0.1%      132.76.61.53
    37200         124         0.1%     132.65.240.60
    21300          71         0.0%     192.114.1.187
    20700          69         0.0%      132.68.238.2
    13200          44         0.0%      132.76.61.52

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                        443   192.114.91.244                  814554600
                              192.114.91.244                  814554600
   52.222.144.20        443                                   814536600
   52.222.144.20                                  10401       814536600
   52.222.144.20                                              814536600
                              192.114.91.244      10401       814536600
  104.152.52.221                                              166512000
  104.152.52.125      57414                                    85224000
  104.152.52.125                                               85224000
  104.152.52.142      57426                                    84420000

Further Details:
https://primary.nemo.geant.org/alerts/details/302016/


More information about the Nemo-ddos-list mailing list