[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #254989 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Mar 1 13:19:13 IST 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, March 1, 2024 1:18:56 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #254989 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 254989

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total                               Src IP
----------------------------------------------------------------------
   774300        2581         6.8%                       118.123.105.93
   711900        2373         6.3%                       209.85.137.254
   435300        1451         3.8%                       157.240.196.63
   426900        1423         3.8%                       134.105.127.26
   410100        1367         3.6%                       157.240.195.63
   407400        1358         3.6%   2a03:2880:f207:c4:face:b00c:0:43fe
   397800        1326         3.5%                   2a00:1450:4812::1a
   321000        1070         2.8%                       208.67.222.222
   309300        1031         2.7%                       157.240.196.15
   280200         934         2.5%                       208.67.220.220

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total               Dst IP
-------------------------------------------------------
  27423300       91411       241.1%       132.74.189.186
   1075800        3586         9.5%      128.139.225.245
    426900        1423         3.8%       132.72.116.201
    415800        1386         3.7%       128.139.200.60
    408000        1360         3.6%   2a00:1450:4812::1a
    293400         978         2.6%       128.139.200.61
    228300         761         2.0%       192.114.91.243
    210300         701         1.8%       192.114.91.245
    204000         680         1.8%    2001:bf8:900:7::5
    195300         651         1.7%    2001:bf8:900:7::4

Top-10 Possible Targets by Bytes:
                              Src IP   Src Port            Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------------------------------
                                                   132.74.189.186                27430221900
                                                   132.74.189.186                26014890600
                                                   132.74.189.186                26014890600
                                             53    132.74.189.186                 1408539600
                                                  128.139.225.245                 1062004500
                                            443   128.139.225.245                  958575600
                      157.240.196.63        443                                    527371800
                      157.240.196.63                                               527371800
  2a03:2880:f207:c4:face:b00c:0:43fe        443                                    512112000
  2a03:2880:f207:c4:face:b00c:0:43fe                                               512112000

Further Details:
https://primary.nemo.geant.org/alerts/details/254989/


More information about the Nemo-ddos-list mailing list