[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336205 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Sep 22 04:48:31 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, September 22, 2024 4:48:23 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336205 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 336205

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  63218100      210727        25.4%        132.74.3.4
  60419700      201399        24.2%        132.74.3.3
  10650300       35501         4.3%         3.5.58.15
   7440900       24803         3.0%       16.12.14.10
   6468300       21561         2.6%         3.5.56.12
   4546200       15154         1.8%       16.12.13.18
   3163500       10545         1.3%   142.250.180.138
   3035100       10117         1.2%        132.74.3.2
   2965800        9886         1.2%    104.152.52.182
   1854000        6180         0.7%    142.251.39.106

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  46276800      154256        18.6%         3.5.58.15
  31358100      104527        12.6%       16.12.14.10
  27106800       90356        10.9%         3.5.56.12
  18837900       62793         7.6%       16.12.13.18
  14789700       49299         5.9%        132.74.3.4
  14343000       47810         5.8%        132.74.3.3
   4229100       14097         1.7%   128.139.225.245
   3157800       10526         1.3%      132.66.52.85
   2670000        8900         1.1%     128.139.200.4
   1868700        6229         0.7%    132.64.165.232

Top-10 Possible Targets by Bytes:
      Src IP   Src Port        Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
  132.74.3.4                                 443     93488615100
  132.74.3.4                                         93488615100
  132.74.3.3                                 443     89645246100
  132.74.3.3                                         89645246100
                            3.5.58.15        443     69018612600
                            3.5.58.15                69018612600
                          16.12.14.10        443     45971321100
                          16.12.14.10                45971321100
                            3.5.56.12        443     40434016800
                            3.5.56.12                40434016800

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2024-09-22 01:33:18
End Time: ongoing

First Event Seen: 2024-09-22 01:31:00
Last Event Seen: 2024-09-22 01:47:00

Further Details:
https://primary.nemo.geant.org/alerts/details/336205/

