[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #342637 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Oct 7 22:57:42 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, October 7, 2024 10:57:35 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #342637 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 342637
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
16268400 54228 8.8% 94.156.35.50
4771800 15906 2.6% 216.58.204.251
4584600 15282 2.5% 162.125.69.12
3885300 12951 2.1% 54.230.112.104
3832200 12774 2.1% 195.66.210.138
2889900 9633 1.6% 13.107.136.10
2477700 8259 1.3% 142.250.180.138
2329500 7765 1.3% 157.240.252.63
2304900 7683 1.2% 157.240.253.63
2183100 7277 1.2% 132.76.61.53
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-----------------------------------------------------
339123600 1130412 182.4% 132.66.251.11
13922700 46409 7.5% 128.139.225.245
6945000 23150 3.7% 132.76.61.54
6478800 21596 3.5% 132.68.38.54
4716000 15720 2.5% 132.66.112.47
4152000 13840 2.2% 132.76.61.53
3915300 13051 2.1% 128.139.200.4
3165300 10551 1.7% 132.76.10.43
3026100 10087 1.6% 128.139.200.5
2529600 8432 1.4% 192.114.23.221
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------
132.66.251.11 65645934900
132.66.251.11 30552228900
132.66.251.11 30533776200
132.66.251.11 80 19974983100
53 132.66.251.11 17932069200
128.139.225.245 17314173000
443 128.139.225.245 14023242000
443 132.66.251.11 14004316500
443 132.68.38.54 9512362500
132.68.38.54 9512362500
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate
Start Time: 2024-10-07 19:50:16
End Time: ongoing
First Event Seen: 2024-10-07 19:48:00
Last Event Seen: 2024-10-07 19:56:00
Further Details:
https://primary.nemo.geant.org/alerts/details/342637/
More information about the Nemo-ddos-list
mailing list