[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #223389 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Dec 5 06:05:25 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, December 5, 2025 6:05:16 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #223389 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 223389

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  39564600      131882        19.3%        132.74.3.2
  16857600       56192         8.2%        132.74.3.3
  11451000       38170         5.6%        132.74.3.4
   5256300       17521         2.6%    142.251.39.138
   5174700       17249         2.5%   142.251.140.106
   5114400       17048         2.5%   142.250.180.138
   4857600       16192         2.4%      132.74.20.45
   3582000       11940         1.7%      16.182.66.17
   3288600       10962         1.6%    199.232.82.172
   3004800       10016         1.5%     34.104.35.123

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total          Dst IP
-------------------------------------------------
  8834700       29449         4.3%      3.5.57.201
  7478100       24927         3.7%     16.12.14.10
  6568200       21894         3.2%       3.5.56.25
  6272700       20909         3.1%      132.74.3.2
  5763900       19213         2.8%      3.5.56.197
  5511000       18370         2.7%   132.74.56.132
  4843800       16146         2.4%   51.16.175.215
  4722600       15742         2.3%      3.5.58.112
  4590600       15302         2.2%   132.65.180.12
  4581900       15273         2.2%     16.12.14.18

Top-10 Possible Targets by Bytes:
      Src IP   Src Port        Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
  132.74.3.2                                 443     57471089400
  132.74.3.2                                         57471089400
  132.74.3.3                                 443     24380744700
  132.74.3.3                                         24380744700
  132.74.3.4                                 443     16577472900
  132.74.3.4                                         16577472900
                           3.5.57.201        443     12760731300
                           3.5.57.201                12760731300
                          16.12.14.10        443     10899705900
                          16.12.14.10                10899705900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-05 04:05:08
End Time: ongoing

First Event Seen: 2025-12-05 04:02:00
Last Event Seen: 2025-12-05 04:03:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/223389/

More information about the Nemo-ddos-list mailing list