[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336643 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Sep 23 04:10:38 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 4:10:31 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336643 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 336643

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  1483500        4945         8.5%     132.74.20.45
   552600        1842         3.2%   208.67.222.222
   499800        1666         2.9%    192.178.19.26
   485700        1619         2.8%     188.114.96.7
   375900        1253         2.2%   208.67.220.220
   320700        1069         1.8%   157.240.253.63
   315000        1050         1.8%   157.240.251.63
   306300        1021         1.8%      51.17.3.162
   273900         913         1.6%    208.87.242.77
   263100         877         1.5%   157.240.252.63

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  220763100      735877      1269.6%    132.68.237.250
    1223400        4078         7.0%     51.16.175.215
    1059000        3530         6.1%   128.139.225.245
     527100        1757         3.0%    192.114.91.244
     513600        1712         3.0%      128.139.35.5
     392700        1309         2.3%     192.178.19.26
     306300        1021         1.8%      132.74.20.45
     265500         885         1.5%     128.139.200.5
     260100         867         1.5%       51.17.3.162
     248700         829         1.4%    128.139.34.240

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                            132.68.237.250               289692898200
                            132.68.237.250               176158422600
                            132.68.237.250               176158422600
                            132.68.237.250        443    113533035600
                       53   132.68.237.250               113507220300
  132.74.20.45       4500                                  1855381200
  132.74.20.45                                   4500      1855381200
  132.74.20.45                                             1855381200
                     4500    51.16.175.215                 1771464000
                             51.16.175.215       4500      1771464000

Metric Info:
2M UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2024-09-23 00:48:16
End Time: ongoing

First Event Seen: 2024-09-23 00:46:00
Last Event Seen: 2024-09-23 01:09:00

Further Details:
https://primary.nemo.geant.org/alerts/details/336643/

