[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336682 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Sep 23 05:25:12 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 5:24:36 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336682 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 336682
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
8152200 27174 33.2% 132.74.20.45
581100 1937 2.4% 208.67.222.222
555600 1852 2.3% 51.17.3.162
471300 1571 1.9% 192.178.19.26
399000 1330 1.6% 128.139.226.100
383100 1277 1.6% 208.67.220.220
201900 673 0.8% 128.139.200.4
193500 645 0.8% 172.217.133.231
192000 640 0.8% 128.139.200.5
157500 525 0.6% 157.240.253.63
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-----------------------------------------------------
338514900 1128383 1379.6% 132.68.237.250
7896000 26320 32.2% 51.16.175.215
557100 1857 2.3% 128.139.225.245
555600 1852 2.3% 132.74.20.45
499200 1664 2.0% 128.139.35.5
398700 1329 1.6% 51.16.227.58
377700 1259 1.5% 192.178.19.26
256200 854 1.0% 51.17.3.162
255600 852 1.0% 128.139.34.240
239400 798 1.0% 128.139.200.5
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------------
132.68.237.250 443351803800
132.68.237.250 268173432000
132.68.237.250 268173432000
132.68.237.250 443 175177640400
53 132.68.237.250 175124898000
132.74.20.45 4500 11562799200
132.74.20.45 4500 11562799200
132.74.20.45 11562799200
4500 51.16.175.215 11478854400
51.16.175.215 4500 11478854400
Metric Info:
1M UDP Packets/s
Alert Type:
time_window
Alert Description:
High UDP packet rate
Start Time: 2024-09-23 02:18:10
End Time: ongoing
First Event Seen: 2024-09-23 02:16:00
Last Event Seen: 2024-09-23 02:23:00
Further Details:
https://primary.nemo.geant.org/alerts/details/336682/
More information about the Nemo-ddos-list
mailing list