[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #361699 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Feb 3 10:43:46 IST 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 3, 2025 10:32:50 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #361699 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 361699
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
---------------------------------------------------
6934800     23116       4.7%         31.13.84.52
4707300     15691       3.2%         157.240.252.63
4237800     14126       2.9%         128.139.226.100
3826800     12756       2.6%         157.240.253.63
2793600     9312        1.9%         157.240.251.63
2059800     6866        1.4%         157.240.252.13
2042100     6807        1.4%         38.107.236.100
1826700     6089        1.2%         132.74.20.45
1726200     5754        1.2%         31.13.84.4
1707000     5690        1.2%         157.240.253.1
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
-----------------------------------------------------
699935700   2333119     472.4%       147.233.250.233
7107900     23693       4.8%         128.139.225.245
4236000     14120       2.9%         51.16.227.58
2345700     7819        1.6%         192.114.5.10
2011500     6705        1.4%         192.114.91.244
1887900     6293        1.3%         132.70.66.13
1826700     6089        1.2%         51.16.175.215
1625100     5417        1.1%         192.114.91.246
1382700     4609        0.9%         192.114.91.249
1329000     4430        0.9%         192.114.91.243
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-----------------------------------------------------------------------
147.233.250.233 907581074100
147.233.250.233 543419284800
147.233.250.233 543419284800
53 147.233.250.233 363520251900
147.233.250.233 443 282831680100
147.233.250.233 80 81156008700
31.13.84.52 443 8533869300
31.13.84.52 8533869300
128.139.225.245 7057760400
128.139.226.100 4500 6078662400
Metric Info:
2M UDP Packets/s
Alert Type:
time_window
Alert Description:
High UDP packet rate
Start Time: 2025-02-03 07:40:47
End Time: ongoing
First Event Seen: 2025-02-03 07:38:00
Last Event Seen: 2025-02-03 08:31:00
Further Details:
https://primary.nemo.geant.org/alerts/details/361699/