[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377460 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Jul 11 01:34:18 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, July 11, 2025 1:34:08 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377460 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 377460

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  74452200      248174        16.1%            85.17.90.43
  54756300      182521        11.9%           31.172.80.90
  43446300      144821         9.4%           43.250.53.25
  29681400       98938         6.4%           5.39.217.109
  28419900       94733         6.2%         185.244.128.79
  17933100       59777         3.9%          185.204.52.33
  17689500       58965         3.8%          84.238.133.19
  16572600       55242         3.6%          84.238.133.38
  14115000       47050         3.1%         195.160.220.89
  10163700       33879         2.2%   2001:bf8:900:d:2::71

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  8252100       27507         1.8%   128.139.225.244
  7809000       26030         1.7%     20.209.177.33
  7326000       24420         1.6%   192.114.101.113
  4805700       16019         1.0%     162.125.69.14
  3841200       12804         0.8%     132.74.74.134
  3754200       12514         0.8%   142.250.180.170
  3389700       11299         0.7%     132.74.73.110
  3194400       10648         0.7%       132.70.19.4
  3171600       10572         0.7%     128.139.200.4
  3117600       10392         0.7%     192.114.3.241

Top-10 Possible Targets by Bytes:
                Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------------
  2001:bf8:900:d:2::71       8443                                  15194839800
  2001:bf8:900:d:2::71                                             15194839800
           132.70.19.4                                     443     11503564500
           132.70.19.4                                             11503564500
                                      20.209.177.33        443     11503564500
                                      20.209.177.33                11503564500
                                    192.114.101.113                10933474800
                                    128.139.225.244                 8737410300
                              443   128.139.225.244                 7668285900
           31.13.84.52        443                                   7459572900

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-07-10 22:33:56
End Time: ongoing

First Event Seen: 2025-07-10 22:31:00
Last Event Seen: 2025-07-10 22:32:00

Further Details:
https://primary.nemo.geant.org/alerts/details/377460/

More information about the Nemo-ddos-list mailing list