[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336642 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Sep 23 04:10:38 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 4:10:31 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336642 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 336642
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
8622000 28740 7.6% 3.160.188.114
6254700 20849 5.5% 132.74.3.2
4175100 13917 3.7% 132.76.61.53
4028400 13428 3.6% 216.58.204.138
2322300 7741 2.1% 142.251.209.42
1943100 6477 1.7% 142.250.180.138
1893600 6312 1.7% 52.98.237.162
1743000 5810 1.5% 142.250.180.170
1560600 5202 1.4% 216.58.205.42
1483500 4945 1.3% 132.74.20.45
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-----------------------------------------------------
221072100 736907 196.0% 132.68.237.250
8658300 28861 7.7% 132.68.7.253
3499200 11664 3.1% 18.198.202.218
2995500 9985 2.7% 132.64.165.232
2964600 9882 2.6% 128.139.225.245
2538900 8463 2.3% 3.5.58.15
2007600 6692 1.8% 128.139.200.4
1872300 6241 1.7% 132.76.61.54
1809900 6033 1.6% 132.76.61.53
1793700 5979 1.6% 128.139.200.5
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
132.68.237.250 289722559500
132.68.237.250 176188021800
132.68.237.250 176158422600
132.68.237.250 443 113523576600
53 132.68.237.250 113497699200
443 132.68.7.253 12772993200
132.68.7.253 12772993200
3.160.188.114 443 12756283800
3.160.188.114 56936 12756283800
3.160.188.114 12756283800
Metric Info:
3M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate
Start Time: 2024-09-23 00:48:16
End Time: ongoing
First Event Seen: 2024-09-23 00:46:00
Last Event Seen: 2024-09-23 01:09:00
Further Details:
https://primary.nemo.geant.org/alerts/details/336642/
More information about the Nemo-ddos-list
mailing list