[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #362036 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Feb 5 18:04:21 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, February 5, 2025 6:04:12 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #362036 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 362036

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  49326000      164420        10.0%    194.180.49.75
  25039800       83466         5.1%    3.160.196.126
  13206000       44020         2.7%    52.98.242.226
  12729900       42433         2.6%    162.125.69.15
   7906200       26354         1.6%   142.251.209.10
   7845900       26153         1.6%   157.240.252.63
   6795900       22653         1.4%     3.160.196.64
   6192300       20641         1.3%   157.240.253.63
   6095700       20319         1.2%   52.222.144.118
   5796600       19322         1.2%   157.240.251.63

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  388544400     1295148        78.6%     132.72.140.45
   25040100       83467         5.1%     132.66.52.197
   22627200       75424         4.6%   128.139.225.245
   16296900       54323         3.3%      132.76.61.54
   13865700       46219         2.8%     132.66.36.172
   12174300       40581         2.5%      132.76.61.53
   10179600       33932         2.1%     128.139.200.5
    9792000       32640         2.0%     128.139.200.4
    9447900       31493         1.9%    132.68.108.108
    7104000       23680         1.4%    192.114.23.238

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                             132.72.140.45               474389180100
                             132.72.140.45               270648620400
                             132.72.140.45               270488685900
                        53   132.72.140.45               198680140500
                             132.72.140.45        443    158462279400
                             132.72.140.45         53     42887638500
                       443   132.66.52.197                36736766100
                             132.66.52.197                36736766100
  3.160.196.126        443                                36736744800
  3.160.196.126                                 35972     36736744800

Metric Info:
4M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-02-05 15:55:40
End Time: ongoing

First Event Seen: 2025-02-05 15:53:00
Last Event Seen: 2025-02-05 16:02:00

Further Details:
https://primary.nemo.geant.org/alerts/details/362036/