[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #291584 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 11 20:59:45 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, June 11, 2024 8:59:44 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #291584 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 291584

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  22143000       73810        51.6%   213.109.202.127
    969300        3231         2.3%   172.206.142.122
    900600        3002         2.1%    192.241.238.28
    577800        1926         1.3%    185.242.226.45
    474600        1582         1.1%      3.125.17.226
    466200        1554         1.1%    89.248.163.168
    431700        1439         1.0%    89.248.165.212
    409200        1364         1.0%     4.151.220.185
    354600        1182         0.8%      2.57.122.107
    258000         860         0.6%    47.109.182.195

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   108900         363         0.3%   128.139.225.245
    48300         161         0.1%      132.76.61.53
    42300         141         0.1%     192.114.1.187
    37200         124         0.1%    192.114.23.221
    37200         124         0.1%      132.76.61.54
    33000         110         0.1%     104.22.48.147
    32400         108         0.1%     132.65.240.60
    19800          66         0.0%    132.73.113.121
    18300          61         0.0%      132.76.10.44
    16200          54         0.0%   199.232.214.172

Top-10 Possible Targets by Bytes:
           Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------------
  213.109.202.127                                              1328580000
                               128.139.225.245                   86640000
                         443   128.139.225.245                   86487600
   134.224.89.119        443                                     41804400
   134.224.89.119                                   58639        41804400
   134.224.89.119                                                41804400
                               128.139.225.245      58639        41804400
  172.206.142.122                                     443        38778000
  172.206.142.122                                                38778000
  149.154.167.223        443                                     38349600

Further Details:
https://primary.nemo.geant.org/alerts/details/291584/


More information about the Nemo-ddos-list mailing list