[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377558 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Jul 12 06:16:16 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, July 12, 2025 6:16:05 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377558 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 377558

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  51799800      172666        18.0%          153.92.220.99
  50931000      169770        17.7%         185.187.241.27
  50325900      167753        17.5%            153.92.6.11
  26266200       87554         9.1%   2001:bf8:900:d:2::71
   4831800       16106         1.7%          132.73.124.48
   4719000       15730         1.6%          192.114.3.241
   4656600       15522         1.6%        149.165.224.217
   4288500       14295         1.5%         52.217.132.169
   4028400       13428         1.4%        149.165.224.216
   3079500       10265         1.1%        142.250.179.202

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total                      Dst IP
---------------------------------------------------------------
  153059100      510197        53.2%                192.115.64.1
   17830200       59434         6.2%             192.114.101.113
    4762800       15876         1.7%   2001:760:4205:128::130:70
    4757400       15858         1.7%               162.125.69.14
    4733400       15778         1.6%               13.107.138.10
    4441500       14805         1.5%               132.74.74.134
    4288500       14295         1.5%               132.75.113.73
    3867000       12890         1.3%             128.139.225.244
    2990400        9968         1.0%    2001:1470:ff8a:6d:dc::18
    2289900        7633         0.8%   2001:760:422a:137::201:67

Top-10 Possible Targets by Bytes:
          Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                              192.115.64.1               215420318700
                              192.115.64.1               179640172500
                              192.115.64.1               179640118500
   153.92.220.99                                          75596625000
  185.187.241.27                                          74333400000
   153.92.220.99                                          65930625000
   153.92.220.99                                          65930625000
     153.92.6.11                                          65490043500
  185.187.241.27                                          64835250000
  185.187.241.27                                          64835250000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-07-12 03:15:56
End Time: ongoing

First Event Seen: 2025-07-12 03:13:00
Last Event Seen: 2025-07-12 03:14:00

Further Details:
https://primary.nemo.geant.org/alerts/details/377558/

More information about the Nemo-ddos-list mailing list