[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #291586 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 11 21:00:43 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, June 11, 2024 9:00:41 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #291586 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 291586

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  30329400      101098        59.0%   213.109.202.127
   1011000        3370         2.0%      3.125.17.226
   1005600        3352         2.0%    192.241.238.28
    969300        3231         1.9%   172.206.142.122
    772800        2576         1.5%    222.186.13.133
    611700        2039         1.2%     4.151.220.185
    461400        1538         0.9%    89.248.163.168
    426300        1421         0.8%    89.248.165.212
    354300        1181         0.7%      2.57.122.107
    253200         844         0.5%    18.221.241.234

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   114300         381         0.2%   128.139.225.245
    41400         138         0.1%      132.76.61.53
    41400         138         0.1%     192.114.1.187
    40200         134         0.1%    192.114.23.221
    38400         128         0.1%      132.76.61.54
    35100         117         0.1%     104.22.48.147
    31200         104         0.1%     132.65.240.60
    20400          68         0.0%    132.73.113.121
    18600          62         0.0%      132.76.10.44
    16500          55         0.0%     192.114.3.241

Top-10 Possible Targets by Bytes:
           Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------------
  213.109.202.127                                              1819764000
                               128.139.225.245                   90640200
                         443   128.139.225.245                   89541000
     3.125.17.226                                     443        44503200
     3.125.17.226                                                44503200
   134.224.89.119        443                                     43614600
   134.224.89.119                                   58639        43614600
   134.224.89.119                                                43614600
                               128.139.225.245      58639        43614600
   192.241.238.28                                    8090        40224000

Further Details:
https://primary.nemo.geant.org/alerts/details/291586/


More information about the Nemo-ddos-list mailing list