[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #342637 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Oct 7 22:57:42 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, October 7, 2024 10:57:35 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #342637 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 342637

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  16268400       54228         8.8%      94.156.35.50
   4771800       15906         2.6%    216.58.204.251
   4584600       15282         2.5%     162.125.69.12
   3885300       12951         2.1%    54.230.112.104
   3832200       12774         2.1%    195.66.210.138
   2889900        9633         1.6%     13.107.136.10
   2477700        8259         1.3%   142.250.180.138
   2329500        7765         1.3%    157.240.252.63
   2304900        7683         1.2%    157.240.253.63
   2183100        7277         1.2%      132.76.61.53

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  339123600     1130412       182.4%     132.66.251.11
   13922700       46409         7.5%   128.139.225.245
    6945000       23150         3.7%      132.76.61.54
    6478800       21596         3.5%      132.68.38.54
    4716000       15720         2.5%     132.66.112.47
    4152000       13840         2.2%      132.76.61.53
    3915300       13051         2.1%     128.139.200.4
    3165300       10551         1.7%      132.76.10.43
    3026100       10087         1.6%     128.139.200.5
    2529600        8432         1.4%    192.114.23.221

Top-10 Possible Targets by Bytes:
  Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
                        132.66.251.11                65645934900
                        132.66.251.11                30552228900
                        132.66.251.11                30533776200
                        132.66.251.11         80     19974983100
                 53     132.66.251.11                17932069200
                      128.139.225.245                17314173000
                443   128.139.225.245                14023242000
                443     132.66.251.11                14004316500
                443      132.68.38.54                 9512362500
                         132.68.38.54                 9512362500

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2024-10-07 19:50:16
End Time: ongoing

First Event Seen: 2024-10-07 19:48:00
Last Event Seen: 2024-10-07 19:56:00

Further Details:
https://primary.nemo.geant.org/alerts/details/342637/


More information about the Nemo-ddos-list mailing list