[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #380043 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Aug 3 22:35:58 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, August 3, 2025 10:35:49 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #380043 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 380043
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------------
96793500 322645 37.5% 2001:bf8:900:d:2::71
5071800 16906 2.0% 216.58.204.234
5005800 16686 1.9% 132.70.19.4
4695300 15651 1.8% 82.77.160.177
4358100 14527 1.7% 216.58.205.42
3742500 12475 1.5% 17.248.182.244
3581400 11938 1.4% 157.240.252.63
2992500 9975 1.2% 157.240.251.63
2890800 9636 1.1% 132.74.243.81
2829900 9433 1.1% 157.240.253.63
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------------------
23241600 77472 9.0% 2001:760:4205:128::130:70
21938400 73128 8.5% 2001:760:4205:128::129:203
17647200 58824 6.8% 2001:760:4205:128::130:72
17262000 57540 6.7% 2001:760:4205:128::129:201
16690500 55635 6.5% 2001:760:4205:128::130:48
12007500 40025 4.7% 128.139.225.244
7306800 24356 2.8% 128.139.35.5
7192800 23976 2.8% 132.64.64.243
5005800 16686 1.9% 20.209.177.33
4237200 14124 1.6% 216.58.204.138
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------------------------
2001:bf8:900:d:2::71 8443 145014180300
2001:bf8:900:d:2::71 145014180300
8443 2001:760:4205:128::130:70 34812543600
2001:760:4205:128::130:70 34812543600
8443 2001:760:4205:128::129:203 32866576200
2001:760:4205:128::129:203 32866576200
8443 2001:760:4205:128::130:72 26453574900
2001:760:4205:128::130:72 26453574900
8443 2001:760:4205:128::129:201 25852145400
2001:760:4205:128::129:201 25852145400
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate
Start Time: 2025-08-03 19:35:35
End Time: ongoing
First Event Seen: 2025-08-03 19:33:00
Last Event Seen: 2025-08-03 19:34:00
Further Details:
https://primary.nemo.geant.org/alerts/details/380043/
More information about the Nemo-ddos-list
mailing list