[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #262499 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 20 18:34:09 IST 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, March 20, 2024 6:34:01 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #262499 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 262499

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  163632000      545440        42.1%     23.223.77.24
   23402100       78007         6.0%    72.247.196.67
   14028600       46762         3.6%   192.114.23.234
    6297300       20991         1.6%   216.58.204.234
    5553600       18512         1.4%    68.232.34.200
    5025900       16753         1.3%    132.66.253.21
    4045200       13484         1.0%    216.58.205.42
    3893400       12978         1.0%     52.222.144.9
    3651600       12172         0.9%     52.84.151.45
    3447000       11490         0.9%    52.222.144.51

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  14094600       46982         3.6%     17.248.213.69
  11337900       37793         2.9%    132.64.163.110
   9843300       32811         2.5%    192.114.91.213
   7226400       24088         1.9%      192.114.5.10
   6229500       20765         1.6%     128.139.200.4
   5121300       17071         1.3%     128.139.200.5
   4795500       15985         1.2%     132.66.253.21
   4623300       15411         1.2%    192.114.91.248
   4616100       15387         1.2%      132.76.61.53
   4521900       15073         1.2%   192.114.105.254

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
    23.223.77.24        443                                245044100400
    23.223.77.24                                           245044100400
   72.247.196.67        443                                 35014989300
   72.247.196.67                                            35014989300
                        443   132.64.163.110                16457837700
                              132.64.163.110                16457837700
                              192.114.91.213                12676812300
  216.58.204.234        443                                  8777236200
  216.58.204.234                                             8777236200
                               128.139.200.4                 8411782200

Further Details:
https://primary.nemo.geant.org/alerts/details/262499/


More information about the Nemo-ddos-list mailing list