[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #264712 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Mar 27 00:08:32 IST 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, March 27, 2024 12:08:24 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #264712 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 264712
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
-------------------------------------------------------------------------
91410300 304701 29.7% 2001:bf8:900:d:2::71
17485500 58285 5.7% 2001:bf8:200:391:603d:401a:4926:65d5
17123400 57078 5.6% 162.19.198.35
8600400 28668 2.8% 216.58.204.234
8079000 26930 2.6% 34.104.35.123
4109400 13698 1.3% 13.107.136.10
3926700 13089 1.3% 162.125.69.12
3851100 12837 1.3% 216.58.205.42
3691200 12304 1.2% 13.107.138.10
3690300 12301 1.2% 18.161.111.12
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-----------------------------------------------------------
34297800 114326 11.1% 2602:fd0f:0:1001::18
28596300 95321 9.3% 2602:fd0f:0:1001::19
28516200 95054 9.3% 2602:fd0f:0:1001::20
17486400 58288 5.7% 2a01:b740:a41:632::2:3
16656300 55521 5.4% 192.114.91.213
10578000 35260 3.4% 132.64.163.110
7155600 23852 2.3% 192.114.3.241
5048700 16829 1.6% 128.139.200.5
4280400 14268 1.4% 128.139.200.4
4271400 14238 1.4% 2001:bf8:900:d:2::71
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------------------
2001:bf8:900:d:2::71 8443 137060962500
2001:bf8:900:d:2::71 137060962500
8443 2602:fd0f:0:1001::18 51424959900
2602:fd0f:0:1001::18 51424959900
8443 2602:fd0f:0:1001::19 42881707800
2602:fd0f:0:1001::19 42881707800
8443 2602:fd0f:0:1001::20 42754294800
2602:fd0f:0:1001::20 42754294800
192.114.91.213 22345120800
443 192.114.91.213 19510939200
Further Details:
https://primary.nemo.geant.org/alerts/details/264712/
More information about the Nemo-ddos-list
mailing list