[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336643 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Sep 23 04:10:38 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 4:10:31 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336643 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 336643
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
--------------------------------------------------
1483500     4945        8.5%         132.74.20.45
552600      1842        3.2%         208.67.222.222
499800      1666        2.9%         192.178.19.26
485700      1619        2.8%         188.114.96.7
375900      1253        2.2%         208.67.220.220
320700      1069        1.8%         157.240.253.63
315000      1050        1.8%         157.240.251.63
306300      1021        1.8%         51.17.3.162
273900      913         1.6%         208.87.242.77
263100      877         1.5%         157.240.252.63
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
-----------------------------------------------------
220763100   735877      1269.6%      132.68.237.250
1223400     4078        7.0%         51.16.175.215
1059000     3530        6.1%         128.139.225.245
527100      1757        3.0%         192.114.91.244
513600      1712        3.0%         128.139.35.5
392700      1309        2.3%         192.178.19.26
306300      1021        1.8%         132.74.20.45
265500      885         1.5%         128.139.200.5
260100      867         1.5%         51.17.3.162
248700      829         1.4%         128.139.34.240
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------------
132.68.237.250 289692898200
132.68.237.250 176158422600
132.68.237.250 176158422600
132.68.237.250 443 113533035600
53 132.68.237.250 113507220300
132.74.20.45 4500 1855381200
132.74.20.45 4500 1855381200
132.74.20.45 1855381200
4500 51.16.175.215 1771464000
51.16.175.215 4500 1771464000
Metric Info:
2M UDP Packets/s
Alert Type:
time_window
Alert Description:
High UDP packet rate
Start Time: 2024-09-23 00:48:16
End Time: ongoing
First Event Seen: 2024-09-23 00:46:00
Last Event Seen: 2024-09-23 01:09:00
Further Details:
https://primary.nemo.geant.org/alerts/details/336643/