[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #264710 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Mar 27 00:17:13 IST 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, March 27, 2024 12:17:08 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #264710 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 264710
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
-------------------------------------------------------------------------
91410300 304701 33.5% 2001:bf8:900:d:2::71
17485500 58285 6.4% 2001:bf8:200:391:603d:401a:4926:65d5
8600100 28667 3.2% 216.58.204.234
8079000 26930 3.0% 34.104.35.123
4109400 13698 1.5% 13.107.136.10
3926700 13089 1.4% 162.125.69.12
3850800 12836 1.4% 216.58.205.42
3691200 12304 1.4% 13.107.138.10
3690300 12301 1.4% 18.161.111.12
3234300 10781 1.2% 192.114.91.213
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-----------------------------------------------------------
34297800 114326 12.6% 2602:fd0f:0:1001::18
28596300 95321 10.5% 2602:fd0f:0:1001::19
28516200 95054 10.4% 2602:fd0f:0:1001::20
17486400 58288 6.4% 2a01:b740:a41:632::2:3
16646100 55487 6.1% 192.114.91.213
10578000 35260 3.9% 132.64.163.110
7153800 23846 2.6% 192.114.3.241
5048700 16829 1.9% 128.139.200.5
4281000 14270 1.6% 128.139.200.4
4271400 14238 1.6% 2001:bf8:900:d:2::71
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------------------
2001:bf8:900:d:2::71 8443 137060962500
2001:bf8:900:d:2::71 137060962500
8443 2602:fd0f:0:1001::18 51424959900
2602:fd0f:0:1001::18 51424959900
8443 2602:fd0f:0:1001::19 42881707800
2602:fd0f:0:1001::19 42881707800
8443 2602:fd0f:0:1001::20 42754294800
2602:fd0f:0:1001::20 42754294800
192.114.91.213 22345604400
443 192.114.91.213 19511446800
Further Details:
https://primary.nemo.geant.org/alerts/details/264710/
More information about the Nemo-ddos-list
mailing list