[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #363179 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Thu Feb 13 19:45:16 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, February 13, 2025 7:45:07 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #363179 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 363179

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  19869900       66233         7.2%   142.251.209.10
  19326300       64421         7.0%   45.144.212.109
  16416000       54720         5.9%    216.58.205.42
   6392400       21308         2.3%   216.58.204.138
   5047500       16825         1.8%    52.98.237.162
   4529400       15098         1.6%   216.58.204.234
   4248300       14161         1.5%    13.107.136.10
   3907500       13025         1.4%    52.98.237.146
   3519900       11733         1.3%    13.107.138.10
   3348300       11161         1.2%    52.98.243.146

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  242429400      808098        87.7%     132.68.238.32
   23586600       78622         8.5%    132.64.184.174
   15024300       50081         5.4%    128.139.16.119
   11960400       39868         4.3%   128.139.225.245
   10206000       34020         3.7%     128.139.200.5
    7334400       24448         2.7%     128.139.200.4
    6180000       20600         2.2%     128.139.199.4
    4731000       15770         1.7%      132.66.52.85
    3848700       12829         1.4%    192.115.44.243
    3693900       12313         1.3%      192.114.5.10

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                        443    132.64.184.174                34241860200
                               132.64.184.174                34241860200
   216.58.205.42        443                                  22539035400
   216.58.205.42                                             22539035400
                                132.68.238.32                19453813500
                                132.68.238.32         80     16570728000
                              128.139.225.245                13932642000
  142.251.209.10        443                                  12569064300
  142.251.209.10                                             12569064300
                                128.139.200.5                11814654300

Metric Info:
2M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate

Start Time: 2025-02-13 17:38:33
End Time: ongoing

First Event Seen: 2025-02-13 17:36:00
Last Event Seen: 2025-02-13 17:43:00

Further Details:
https://primary.nemo.geant.org/alerts/details/363179/