[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #223389 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Dec 5 06:09:14 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, December 5, 2025 6:09:09 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #223389 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 223389

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  73236000      244120        22.0%        132.74.3.2
  30294300      100981         9.1%        132.74.3.3
  24746700       82489         7.4%        132.74.3.4
   7912800       26376         2.4%   142.251.140.106
   7185600       23952         2.2%      132.74.20.45
   6487800       21626         1.9%   142.250.180.138
   5809800       19366         1.7%    142.251.39.138
   4333200       14444         1.3%     20.209.177.33
   4137000       13790         1.2%      79.124.49.10
   4078800       13596         1.2%     34.104.35.123

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total          Dst IP
--------------------------------------------------
  23202900       77343         7.0%      3.5.57.201
  11582100       38607         3.5%      132.74.3.2
  10190700       33969         3.1%      3.5.56.207
   9781200       32604         2.9%     16.12.12.18
   9565800       31886         2.9%     16.12.14.10
   8952000       29840         2.7%      3.5.58.243
   8879100       29597         2.7%      3.5.56.197
   8684400       28948         2.6%      3.5.58.112
   8501700       28339         2.6%   132.74.56.132
   7166400       23888         2.2%   51.16.175.215

Top-10 Possible Targets by Bytes:
      Src IP   Src Port        Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
  132.74.3.2                                 443    106345526700
  132.74.3.2                                        106345526700
  132.74.3.3                                 443     43849078800
  132.74.3.3                                         43849078800
  132.74.3.4                                 443     35866755000
  132.74.3.4                                         35866755000
                           3.5.57.201        443     33552090900
                           3.5.57.201                33552090900
                          16.12.14.10        443     13626278100
                          16.12.14.10                13626278100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-05 04:05:08
End Time: ongoing

First Event Seen: 2025-12-05 04:02:00
Last Event Seen: 2025-12-05 04:07:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/223389/

More information about the Nemo-ddos-list mailing list