[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #291789 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Jun 12 10:29:16 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, June 12, 2024 10:29:10 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #291789 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 291789

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  28717500       95725        51.9%   213.109.202.127
   1465500        4885         2.6%    185.242.226.44
   1126500        3755         2.0%       95.214.27.8
    992100        3307         1.8%    185.242.226.39
    969000        3230         1.7%    185.242.226.23
    960300        3201         1.7%     46.101.16.223
    832500        2775         1.5%    192.241.197.16
    576900        1923         1.0%    185.242.226.45
    443700        1479         0.8%    89.248.163.168
    412500        1375         0.7%    89.248.165.212

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   279600         932         0.5%    132.66.175.222
   121200         404         0.2%   199.232.210.172
    42600         142         0.1%      132.76.61.53
    37800         126         0.1%      132.76.61.54
    33300         111         0.1%     132.65.240.60
    32700         109         0.1%     192.114.1.187
    30600         102         0.1%     104.22.48.147
    26700          89         0.0%   128.139.225.245
    24000          80         0.0%      132.76.61.52
    21300          71         0.0%    192.114.23.221

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  213.109.202.127                                             1723050000
   199.232.82.172         80                                   417131400
   199.232.82.172                                              417131400
   199.232.82.172                                  62298       398113800
                          80   132.66.175.222                  398113800
                               132.66.175.222      62298       398113800
                               132.66.175.222                  398113800
   185.242.226.44                                               64482000
      95.214.27.8                                   8081        49566000
      95.214.27.8                                               49566000

Further Details:
https://primary.nemo.geant.org/alerts/details/291789/


More information about the Nemo-ddos-list mailing list