[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336683 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Sep 23 05:40:59 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 5:40:50 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336683 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 336683
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
---------------------------------------------------
8152200     27174       9.0%         132.74.20.45
5407800     18026       6.0%         132.74.3.2
2849400     9498        3.1%         142.250.180.170
2397900     7993        2.6%         52.98.237.162
1361100     4537        1.5%         91.184.241.183
1275600     4252        1.4%         185.161.208.47
1262700     4209        1.4%         132.64.28.16
1101000     3670        1.2%         216.58.209.42
941400      3138        1.0%         13.107.138.10
876600      2922        1.0%         216.58.204.138
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
-----------------------------------------------------
339798300   1132661     374.7%       132.68.237.250
7896000     26320       8.7%         51.16.175.215
2396400     7988        2.6%         192.114.2.35
2257200     7524        2.5%         3.5.56.12
2212200     7374        2.4%         132.64.158.230
2127000     7090        2.3%         128.139.225.245
1811400     6038        2.0%         132.76.61.53
1644900     5483        1.8%         128.139.200.4
1625400     5418        1.8%         128.139.200.5
1532700     5109        1.7%         3.5.58.15
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------------
132.68.237.250 443474651100
132.68.237.250 268296279300
132.68.237.250 268173432000
132.68.237.250 443 175161262800
53 132.68.237.250 175124898000
132.74.20.45 4500 11562799200
132.74.20.45 4500 11562799200
132.74.20.45 11562799200
4500 51.16.175.215 11478854400
51.16.175.215 4500 11478854400
Metric Info:
2M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate
Start Time: 2024-09-23 02:18:19
End Time: ongoing
First Event Seen: 2024-09-23 02:16:00
Last Event Seen: 2024-09-23 02:39:00
Further Details:
https://primary.nemo.geant.org/alerts/details/336683/