[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336683 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Sep 23 05:40:59 IDT 2024

________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 5:40:50 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336683 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 336683

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  8152200       27174         9.0%      132.74.20.45
  5407800       18026         6.0%        132.74.3.2
  2849400        9498         3.1%   142.250.180.170
  2397900        7993         2.6%     52.98.237.162
  1361100        4537         1.5%    91.184.241.183
  1275600        4252         1.4%    185.161.208.47
  1262700        4209         1.4%      132.64.28.16
  1101000        3670         1.2%     216.58.209.42
   941400        3138         1.0%     13.107.138.10
   876600        2922         1.0%    216.58.204.138

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  339798300     1132661       374.7%    132.68.237.250
    7896000       26320         8.7%     51.16.175.215
    2396400        7988         2.6%      192.114.2.35
    2257200        7524         2.5%         3.5.56.12
    2212200        7374         2.4%    132.64.158.230
    2127000        7090         2.3%   128.139.225.245
    1811400        6038         2.0%      132.76.61.53
    1644900        5483         1.8%     128.139.200.4
    1625400        5418         1.8%     128.139.200.5
    1532700        5109         1.7%         3.5.58.15

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                            132.68.237.250               443474651100
                            132.68.237.250               268296279300
                            132.68.237.250               268173432000
                            132.68.237.250        443    175161262800
                       53   132.68.237.250               175124898000
  132.74.20.45       4500                                 11562799200
  132.74.20.45                                   4500     11562799200
  132.74.20.45                                            11562799200
                     4500    51.16.175.215                11478854400
                             51.16.175.215       4500     11478854400

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2024-09-23 02:18:19
End Time: ongoing

First Event Seen: 2024-09-23 02:16:00
Last Event Seen: 2024-09-23 02:39:00

Further Details:
https://primary.nemo.geant.org/alerts/details/336683/

