[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #264712 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 27 00:17:06 IST 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, March 27, 2024 12:16:57 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #264712 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 264712

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                                 Src IP
-------------------------------------------------------------------------
  91410300      304701        29.7%                   2001:bf8:900:d:2::71
  17485500       58285         5.7%   2001:bf8:200:391:603d:401a:4926:65d5
  17123400       57078         5.6%                          162.19.198.35
   8600400       28668         2.8%                         216.58.204.234
   8079000       26930         2.6%                          34.104.35.123
   4109400       13698         1.3%                          13.107.136.10
   3926700       13089         1.3%                          162.125.69.12
   3851100       12837         1.3%                          216.58.205.42
   3691200       12304         1.2%                          13.107.138.10
   3690300       12301         1.2%                          18.161.111.12

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                   Dst IP
-----------------------------------------------------------
  34297800      114326        11.1%     2602:fd0f:0:1001::18
  28596300       95321         9.3%     2602:fd0f:0:1001::19
  28516200       95054         9.3%     2602:fd0f:0:1001::20
  17486400       58288         5.7%   2a01:b740:a41:632::2:3
  16656300       55521         5.4%           192.114.91.213
  10578000       35260         3.4%           132.64.163.110
   7155600       23852         2.3%            192.114.3.241
   5048700       16829         1.6%            128.139.200.5
   4280400       14268         1.4%            128.139.200.4
   4271400       14238         1.4%     2001:bf8:900:d:2::71

Top-10 Possible Targets by Bytes:
                Src IP   Src Port                 Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------------------
  2001:bf8:900:d:2::71       8443                                      137060962500
  2001:bf8:900:d:2::71                                                 137060962500
                             8443   2602:fd0f:0:1001::18                51424959900
                                    2602:fd0f:0:1001::18                51424959900
                             8443   2602:fd0f:0:1001::19                42881707800
                                    2602:fd0f:0:1001::19                42881707800
                             8443   2602:fd0f:0:1001::20                42754294800
                                    2602:fd0f:0:1001::20                42754294800
                                          192.114.91.213                22345120800
                              443         192.114.91.213                19510939200

Further Details:
https://primary.nemo.geant.org/alerts/details/264712/


More information about the Nemo-ddos-list mailing list