[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #289641 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Jun 6 09:38:40 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, June 6, 2024 9:38:35 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #289641 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 289641

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  16450800       54836         9.8%    109.74.194.226
  16386600       54622         9.8%    172.232.43.141
  16376400       54588         9.8%      172.232.60.4
  15497700       51659         9.3%    172.234.236.11
  14970900       49903         9.0%     23.239.30.180
  14377500       47925         8.6%   172.104.248.118
  13881300       46271         8.3%    109.74.194.237
  13284300       44281         8.0%     172.233.62.88
  13049400       43498         7.8%   172.104.145.194
  12342900       41143         7.4%    172.233.62.134

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  165888600      552962        99.3%     132.66.251.11
     194100         647         0.1%     128.139.199.6
     185700         619         0.1%     128.139.199.5
      15600          52         0.0%    157.240.196.34
       6000          20         0.0%    157.240.195.34
       6000          20         0.0%   128.139.225.245
       6000          20         0.0%    128.139.197.81
       5700          19         0.0%      159.124.4.35
       5100          17         0.0%     128.139.208.6
       4800          16         0.0%     128.139.199.8

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                              132.66.251.11                 4644897600
                              132.66.251.11       2048      4644897600
                              132.66.251.11                 4644897600
  109.74.194.226                                             460622400
  109.74.194.226                                  2048       460622400
  109.74.194.226                                             460622400
  172.232.43.141                                             458824800
  172.232.43.141                                  2048       458824800
  172.232.43.141                                             458824800
    172.232.60.4                                             458539200

Further Details:
https://primary.nemo.geant.org/alerts/details/289641/


More information about the Nemo-ddos-list mailing list