[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #335166 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Thu Sep 19 20:50:29 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, September 19, 2024 8:50:18 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #335166 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 335166
Top-10 Src IPs by Packets:
Packets   Est. Rate   % of Total   Src IP
--------------------------------------------------
1505100   5017        3.2%         31.13.84.52
1097400   3658        2.3%         157.240.252.63
994500    3315        2.1%         67.1.197.125
893700    2979        1.9%         157.240.253.63
893400    2978        1.9%         157.240.251.63
892200    2974        1.9%         192.114.5.10
890700    2969        1.9%         132.74.20.45
684300    2281        1.4%         208.67.222.222
576000    1920        1.2%         31.13.84.4
471900    1573        1.0%         157.240.252.13
Top-10 Dst IPs by Packets:
Packets    Est. Rate   % of Total   Dst IP
----------------------------------------------------
18324300   61081       38.7%        128.139.6.1
3894600    12982       8.2%         128.139.225.245
1002600    3342        2.1%         132.66.4.110
750600     2502        1.6%         192.114.23.221
696300     2321        1.5%         192.114.52.14
644700     2149        1.4%         51.16.175.215
602400     2008        1.3%         192.114.91.249
550200     1834        1.2%         192.114.52.7
519300     1731        1.1%         128.139.35.5
437700     1459        0.9%         192.114.52.1
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
128.139.6.1 8486076900
123 128.139.6.1 8486052000
128.139.225.245 4128679200
443 128.139.225.245 2455998900
31.13.84.52 443 1850849400
31.13.84.52 1850849400
132.66.4.110 4501 1364822400
132.66.4.110 1364822400
67.1.197.125 56740 1363790400
67.1.197.125 4501 1363790400
Metric Info:
290k UDP Packets/s
Alert Type:
time_window
Alert Description:
High UDP packet rate
Start Time: 2024-09-19 17:42:19
End Time: ongoing
First Event Seen: 2024-09-19 17:40:00
Last Event Seen: 2024-09-19 17:49:00
Further Details:
https://primary.nemo.geant.org/alerts/details/335166/