[NeMo-DDoS-List] [Geant NeMo] Analysis for Alert #264710 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 27 07:21:37 IST 2024


Boker tov,

 For those wondering what this was - 2001:BF8:0900:d:/64 is the Technion LHC segment so this was just a massive data transfer from CERN.

Regards,
Hank

-----Original Message-----
From: Nemo-ddos-list <nemo-ddos-list-bounces at nocvm.ilan.net.il> On Behalf Of Hank Nussbacher
Sent: Wednesday, 27 March 2024 0:09
To: Nemo-ddos-list at nocvm.ilan.net.il
Subject: [NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #264710 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, March 27, 2024 12:08:24 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #264710 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 264710

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                                 Src IP
-------------------------------------------------------------------------
  91410300      304701        33.5%                   2001:bf8:900:d:2::71
  17485500       58285         6.4%   2001:bf8:200:391:603d:401a:4926:65d5
   8600100       28667         3.2%                         216.58.204.234
   8079000       26930         3.0%                          34.104.35.123
   4109400       13698         1.5%                          13.107.136.10
   3926700       13089         1.4%                          162.125.69.12
   3850800       12836         1.4%                          216.58.205.42
   3691200       12304         1.4%                          13.107.138.10
   3690300       12301         1.4%                          18.161.111.12
   3234300       10781         1.2%                         192.114.91.213

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                   Dst IP
-----------------------------------------------------------
  34297800      114326        12.6%     2602:fd0f:0:1001::18
  28596300       95321        10.5%     2602:fd0f:0:1001::19
  28516200       95054        10.4%     2602:fd0f:0:1001::20
  17486400       58288         6.4%   2a01:b740:a41:632::2:3
  16646100       55487         6.1%           192.114.91.213
  10578000       35260         3.9%           132.64.163.110
   7153800       23846         2.6%            192.114.3.241
   5048700       16829         1.9%            128.139.200.5
   4281000       14270         1.6%            128.139.200.4
   4271400       14238         1.6%     2001:bf8:900:d:2::71

Top-10 Possible Targets by Bytes:
                Src IP   Src Port                 Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------------------
  2001:bf8:900:d:2::71       8443                                      137060962500
  2001:bf8:900:d:2::71                                                 137060962500
                             8443   2602:fd0f:0:1001::18                51424959900
                                    2602:fd0f:0:1001::18                51424959900
                             8443   2602:fd0f:0:1001::19                42881707800
                                    2602:fd0f:0:1001::19                42881707800
                             8443   2602:fd0f:0:1001::20                42754294800
                                    2602:fd0f:0:1001::20                42754294800
                                          192.114.91.213                22345604400
                              443         192.114.91.213                19511446800

Further Details:
https://primary.nemo.geant.org/alerts/details/264710/
--
Nemo-ddos-list mailing list
Nemo-ddos-list at nocvm.ilan.net.il
https://nocvm.iucc.ac.il/cgi-bin/mailman/listinfo/nemo-ddos-list


More information about the Nemo-ddos-list mailing list