[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #370671 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Fri Apr 11 12:30:03 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, April 11, 2025 12:29:52 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #370671 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 370671

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  33757200      112524        57.3%     89.163.140.94
   3194100       10647         5.4%     142.251.209.1
    999000        3330         1.7%    157.240.252.63
    919500        3065         1.6%    157.240.251.63
    868800        2896         1.5%    157.240.253.63
    768900        2563         1.3%      132.74.20.45
    548400        1828         0.9%    208.67.222.222
    546000        1820         0.9%    157.240.252.13
    538500        1795         0.9%   128.139.226.100
    493800        1646         0.8%     157.240.251.9

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  2700900        9003         4.6%   128.139.225.245
  1729200        5764         2.9%     132.64.244.96
  1666800        5556         2.8%     192.114.52.12
   761400        2538         1.3%     51.16.175.215
   744000        2480         1.3%    192.114.23.221
   538200        1794         0.9%      51.16.227.58
   350100        1167         0.6%    192.114.91.243
   348900        1163         0.6%     192.178.19.26
   342600        1142         0.6%      192.114.52.1
   340200        1134         0.6%    192.114.91.245

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  89.163.140.94                                             14831793900
  142.251.209.1        443                                   4051675800
  142.251.209.1                                              4051675800
                             128.139.225.245                 2829355500
                       443   128.139.225.245                 2267073900
                       443     132.64.244.96                 2193904200
                               132.64.244.96                 2193904200
  142.251.209.1                                   10400      2193872400
                               132.64.244.96      10400      2193872400
                               192.114.52.12                 1991652900

Metric Info:
298k UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2025-04-11 09:20:51
End Time: ongoing

First Event Seen: 2025-04-11 09:18:00
Last Event Seen: 2025-04-11 09:28:00

Further Details:
https://primary.nemo.geant.org/alerts/details/370671/