[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #363178 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Thu Feb 13 19:44:55 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, February 13, 2025 7:44:49 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #363178 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 363178

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  20031600       66772         6.3%   142.251.209.10
  19326300       64421         6.1%   45.144.212.109
  16586700       55289         5.2%    216.58.205.42
   6516900       21723         2.0%   216.58.204.138
   5106000       17020         1.6%    52.98.237.162
   4851300       16171         1.5%   216.58.204.234
   4612500       15375         1.4%      31.13.84.52
   4248300       14161         1.3%    13.107.136.10
   3973800       13246         1.2%    52.98.237.146
   3816900       12723         1.2%   157.240.252.63

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  261145500      870485        81.9%     132.68.238.32
   23586600       78622         7.4%    132.64.184.174
   22422000       74740         7.0%   128.139.225.245
   15024300       50081         4.7%    128.139.16.119
   10458300       34861         3.3%     128.139.200.5
    7627200       25424         2.4%     128.139.200.4
    6289200       20964         2.0%     128.139.199.4
    4745100       15817         1.5%      192.114.5.10
    4716300       15721         1.5%      132.66.52.85
    3848700       12829         1.2%    192.115.44.243

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                                132.68.238.32                41073740400
                        443    132.64.184.174                34241860200
                               132.64.184.174                34241860200
                              128.139.225.245                25786519800
   216.58.205.42        443                                  22575826200
   216.58.205.42                                             22575826200
                        443   128.139.225.245                16733564700
                                132.68.238.32         80     16570710000
  142.251.209.10        443                                  12619594200
  142.251.209.10                                             12619594200

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-02-13 17:38:27
End Time: ongoing

First Event Seen: 2025-02-13 17:36:00
Last Event Seen: 2025-02-13 17:43:00

Further Details:
https://primary.nemo.geant.org/alerts/details/363178/