[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #379923 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Aug 3 01:46:56 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, August 3, 2025 1:46:47 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #379923 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 379923

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  98586600      328622        45.9%   2001:bf8:900:d:2::71
   4764900       15883         2.2%           132.76.61.54
   4725300       15751         2.2%        142.250.179.202
   4621200       15404         2.2%          82.77.160.177
   3901500       13005         1.8%          132.73.124.48
   3079800       10266         1.4%         52.107.224.129
   2035800        6786         0.9%         157.240.252.63
   1905600        6352         0.9%          216.58.209.42
   1835100        6117         0.9%         157.240.251.63
   1701300        5671         0.8%         157.240.253.63

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total                      Dst IP
-------------------------------------------------------------
  9822900       32743         4.6%   2001:760:422a:137::201:70
  7679400       25598         3.6%   2001:760:422a:137::201:68
  7512600       25042         3.5%   2001:760:422a:137::201:82
  7359000       24530         3.4%                128.139.35.5
  7124700       23749         3.3%             128.139.225.244
  6612000       22040         3.1%   2001:760:422a:137::201:23
  6298800       20996         2.9%   2001:760:422a:137::201:60
  5640600       18802         2.6%   2001:760:422a:137::201:21
  4984200       16614         2.3%               132.74.74.134
  4827300       16091         2.2%   2001:760:422a:137::201:80

Top-10 Possible Targets by Bytes:
                Src IP   Src Port                      Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------------------------
  2001:bf8:900:d:2::71       8443                                           147762237000
  2001:bf8:900:d:2::71                                                      147762237000
                             8443   2001:760:422a:137::201:70                14723551800
                                    2001:760:422a:137::201:70                14723551800
                             8443   2001:760:422a:137::201:68                11516417400
                                    2001:760:422a:137::201:68                11516417400
                             8443   2001:760:422a:137::201:82                11260583400
                                    2001:760:422a:137::201:82                11260583400
                             8443   2001:760:422a:137::201:23                 9916560000
                                    2001:760:422a:137::201:23                 9916560000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-08-02 22:46:33
End Time: ongoing

First Event Seen: 2025-08-02 22:44:00
Last Event Seen: 2025-08-02 22:45:00

Further Details:
https://primary.nemo.geant.org/alerts/details/379923/

More information about the Nemo-ddos-list mailing list