[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #370654 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Fri Apr 11 02:35:03 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, April 11, 2025 2:34:53 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #370654 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 370654

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  7709100       25697        31.5%      132.74.20.45
   615300        2051         2.5%   128.139.226.100
   609300        2031         2.5%      185.243.5.55
   604500        2015         2.5%    157.240.252.63
   566700        1889         2.3%    157.240.251.63
   514200        1714         2.1%    208.67.222.222
   458700        1529         1.9%       51.17.3.162
   436800        1456         1.8%    157.240.253.63
   320700        1069         1.3%    208.67.220.220
   270300         901         1.1%     192.178.18.26

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  7704900       25683        31.5%     51.16.175.215
  2548800        8496        10.4%        132.68.1.9
  2352600        7842         9.6%      132.68.239.9
  2255700        7519         9.2%        132.68.1.2
  2085600        6952         8.5%   128.139.225.245
   615300        2051         2.5%      51.16.227.58
   458700        1529         1.9%      132.74.20.45
   286500         955         1.2%      132.66.4.110
   277500         925         1.1%     128.139.200.4
   265200         884         1.1%    128.139.34.240

Top-10 Possible Targets by Bytes:
           Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------------
     132.74.20.45       4500                                  11205247200
     132.74.20.45                                    4500     11205247200
     132.74.20.45                                             11205247200
                        4500     51.16.175.215                11204558400
                                 51.16.175.215       4500     11204558400
                                 51.16.175.215                11204558400
                               128.139.225.245                 2287065000
                         443   128.139.225.245                 2013868800
  128.139.226.100       4500                                    851486400
  128.139.226.100                                    4500       851486400

Metric Info:
128k UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2025-04-10 23:28:46
End Time: ongoing

First Event Seen: 2025-04-10 23:26:00
Last Event Seen: 2025-04-10 23:33:00

Further Details:
https://primary.nemo.geant.org/alerts/details/370654/