[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #362676 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sun Feb 9 23:04:58 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, February 9, 2025 11:04:53 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #362676 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 362676

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  5629800       18766         9.1%    157.240.253.63
  4874700       16249         7.9%    157.240.252.63
  4734000       15780         7.6%    157.240.251.63
  2564400        8548         4.1%   128.139.226.100
  2263200        7544         3.6%      157.240.0.63
  1984200        6614         3.2%   128.139.225.245
  1133400        3778         1.8%     157.240.253.1
  1063200        3544         1.7%    157.240.196.62
  1056600        3522         1.7%    157.240.252.13
  1029600        3432         1.7%      132.74.20.45

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  60662100      202207        97.7%     132.66.231.79
  12770700       42569        20.6%   128.139.225.245
   2563200        8544         4.1%      51.16.227.58
   2119800        7066         3.4%      192.114.52.2
   2080500        6935         3.4%      192.114.52.6
   1762800        5876         2.8%     192.114.52.14
   1541700        5139         2.5%      192.114.52.8
   1307700        4359         2.1%      192.114.52.1
   1263300        4211         2.0%      192.114.52.3
   1210800        4036         1.9%     192.114.52.13

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                                132.66.231.79                79856675400
                                132.66.231.79                49075520400
                                132.66.231.79                49075520400
                                132.66.231.79         80     30780501600
                         53     132.66.231.79                30774648900
                              128.139.225.245                13178806800
                        443   128.139.225.245                 9981311100
  157.240.253.63        443                                   6782313900
  157.240.253.63                                              6782313900
  157.240.252.63        443                                   5944209600

Metric Info:
571k UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2025-02-09 20:58:38
End Time: ongoing

First Event Seen: 2025-02-09 20:56:00
Last Event Seen: 2025-02-09 21:03:00

Further Details:
https://primary.nemo.geant.org/alerts/details/362676/