[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #382262 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Aug 20 04:15:50 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, August 20, 2025 4:15:44 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #382262 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 382262
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
48491700 161639 11.5% 2.23.231.234
43783500 145945 10.3% 2.23.231.161
35865000 119550 8.5% 23.220.255.140
33959700 113199 8.0% 23.220.255.155
22230000 74100 5.3% 184.25.54.62
18429600 61432 4.4% 132.73.124.68
11731800 39106 2.8% 132.73.124.48
11585700 38619 2.7% 132.73.124.236
9224100 30747 2.2% 34.104.35.123
5470200 18234 1.3% 192.114.3.241
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
38394900 127983 9.1% 132.73.124.68
25659600 85532 6.1% 132.73.124.236
24355500 81185 5.8% 132.73.124.48
23426700 78089 5.5% 2.23.231.234
22013700 73379 5.2% 2.23.231.161
16855800 56186 4.0% 23.220.255.140
15333600 51112 3.6% 23.220.255.155
11997300 39991 2.8% 132.73.124.40
11226300 37421 2.7% 184.25.54.62
10125900 33753 2.4% 132.72.23.183
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
2.23.231.234 72629605200
2.23.231.234 443 72623759400
2.23.231.161 65573700000
2.23.231.161 443 65567651700
132.73.124.68 56917524900
443 132.73.124.68 56792410500
23.220.255.140 443 53751173700
23.220.255.140 53751173700
23.220.255.155 443 50875860900
23.220.255.155 50875860900
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate
Start Time: 2025-08-20 01:11:34
End Time: ongoing
First Event Seen: 2025-08-20 01:09:00
Last Event Seen: 2025-08-20 01:14:00
Further Details:
https://primary.nemo.geant.org/alerts/details/382262/
More information about the Nemo-ddos-list
mailing list