[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336642 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Sep 23 04:10:38 IDT 2024

________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 4:10:31 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336642 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 336642

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  8622000       28740         7.6%     3.160.188.114
  6254700       20849         5.5%        132.74.3.2
  4175100       13917         3.7%      132.76.61.53
  4028400       13428         3.6%    216.58.204.138
  2322300        7741         2.1%    142.251.209.42
  1943100        6477         1.7%   142.250.180.138
  1893600        6312         1.7%     52.98.237.162
  1743000        5810         1.5%   142.250.180.170
  1560600        5202         1.4%     216.58.205.42
  1483500        4945         1.3%      132.74.20.45

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  221072100      736907       196.0%    132.68.237.250
    8658300       28861         7.7%      132.68.7.253
    3499200       11664         3.1%    18.198.202.218
    2995500        9985         2.7%    132.64.165.232
    2964600        9882         2.6%   128.139.225.245
    2538900        8463         2.3%         3.5.58.15
    2007600        6692         1.8%     128.139.200.4
    1872300        6241         1.7%      132.76.61.54
    1809900        6033         1.6%      132.76.61.53
    1793700        5979         1.6%     128.139.200.5

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                             132.68.237.250               289722559500
                             132.68.237.250               176188021800
                             132.68.237.250               176158422600
                             132.68.237.250        443    113523576600
                        53   132.68.237.250               113497699200
                       443     132.68.7.253                12772993200
                               132.68.7.253                12772993200
  3.160.188.114        443                                 12756283800
  3.160.188.114                                  56936     12756283800
  3.160.188.114                                            12756283800

Metric Info:
3M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2024-09-23 00:48:16
End Time: ongoing

First Event Seen: 2024-09-23 00:46:00
Last Event Seen: 2024-09-23 01:09:00

Further Details:
https://primary.nemo.geant.org/alerts/details/336642/

