[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #379923 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Aug 3 01:52:11 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, August 3, 2025 1:52:03 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #379923 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 379923
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------------
150556200 501854 51.9% 2001:bf8:900:d:2::71
5997900 19993 2.1% 132.76.61.54
5450100 18167 1.9% 82.77.160.177
4725300 15751 1.6% 142.250.179.202
4467000 14890 1.5% 132.73.124.48
3478500 11595 1.2% 52.107.224.129
2430300 8101 0.8% 157.240.252.63
2190900 7303 0.8% 157.240.251.63
2055300 6851 0.7% 216.58.209.42
2017200 6724 0.7% 142.251.209.10
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------------------
11216400 37388 3.9% 2001:760:422a:137::201:82
10835100 36117 3.7% 2001:760:422a:137::201:70
10614000 35380 3.7% 2001:760:422a:137::201:60
10418100 34727 3.6% 2001:760:422a:137::201:68
8895000 29650 3.1% 2001:760:422a:137::201:23
8687700 28959 3.0% 128.139.35.5
8635200 28784 3.0% 128.139.225.244
7991100 26637 2.8% 2001:760:422a:137::201:21
7065300 23551 2.4% 2001:760:422a:137::201:72
6756000 22520 2.3% 2001:760:422a:137::201:61
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------------------------
2001:bf8:900:d:2::71 8443 225683259000
2001:bf8:900:d:2::71 225683259000
8443 2001:760:422a:137::201:82 16815404400
2001:760:422a:137::201:82 16815404400
8443 2001:760:422a:137::201:60 15914544600
2001:760:422a:137::201:60 15914544600
8443 2001:760:422a:137::201:68 15623002200
2001:760:422a:137::201:68 15623002200
8443 2001:760:422a:137::201:70 14723551800
2001:760:422a:137::201:70 14723551800
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate
Start Time: 2025-08-02 22:46:33
End Time: ongoing
First Event Seen: 2025-08-02 22:44:00
Last Event Seen: 2025-08-02 22:50:00
Further Details:
https://primary.nemo.geant.org/alerts/details/379923/
More information about the Nemo-ddos-list
mailing list