[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #290356 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Jun 8 05:48:48 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Saturday, June 8, 2024 5:48:41 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #290356 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 290356

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  2136900        7123         2.9%   104.152.52.139
  2116500        7055         2.9%   104.152.52.141
  2107800        7026         2.9%   104.152.52.144
  2097900        6993         2.8%   104.152.52.226
  2095200        6984         2.8%   104.152.52.216
  2093100        6977         2.8%   104.152.52.111
  2086200        6954         2.8%   104.152.52.193
  2085000        6950         2.8%   104.152.52.185
  2083800        6946         2.8%   104.152.52.178
  2081100        6937         2.8%   104.152.52.244

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
    38700         129         0.1%        132.72.6.1
    34500         115         0.0%      132.76.61.54
    31500         105         0.0%     192.114.1.187
    27900          93         0.0%     132.65.240.60
    26700          89         0.0%      132.76.61.53
    24600          82         0.0%   141.101.196.210
    17100          57         0.0%     104.22.48.147
    12300          41         0.0%     104.22.49.147
    10800          36         0.0%     132.66.251.11
     7800          26         0.0%   128.139.225.245

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
  104.152.52.139      54469                            85476000
  104.152.52.139                                       85476000
  104.152.52.141      54471                            84660000
  104.152.52.141                                       84660000
  104.152.52.144      54386                            84312000
  104.152.52.144                                       84312000
  104.152.52.226      54469                            83916000
  104.152.52.226                                       83916000
  104.152.52.216      54463                            83808000
  104.152.52.216                                       83808000

Further Details:
https://primary.nemo.geant.org/alerts/details/290356/


More information about the Nemo-ddos-list mailing list