[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377568 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Jul 12 13:03:29 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, July 12, 2025 1:03:24 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377568 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 377568

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
   758700        2529         3.5%    204.76.203.206
   756900        2523         3.5%    196.251.85.128
   685500        2285         3.2%     104.156.155.3
   634800        2116         2.9%   185.191.127.222
   543300        1811         2.5%     149.86.227.49
   413700        1379         1.9%     89.248.163.67
   295800         986         1.4%      45.194.66.13
   293100         977         1.4%    15.235.224.227
   291600         972         1.4%    15.235.224.239
   290100         967         1.3%    15.235.227.163

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                       Dst IP
---------------------------------------------------------------
  47071800      156906       218.2%                132.72.118.41
    159900         533         0.7%   2001:760:4205:128::129:201
     47400         158         0.2%              128.139.225.244
     29700          99         0.1%               34.120.146.219
     26100          87         0.1%                 192.114.52.2
     20700          69         0.1%                192.114.52.11
     19500          65         0.1%                132.65.240.60
     18300          61         0.1%                 192.114.5.10
     17400          58         0.1%                   132.72.6.1
     14100          47         0.1%               208.67.222.222

Top-10 Possible Targets by Bytes:
                Src IP   Src Port                       Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------------------------
                                                 132.72.118.41                 2824266000
  2001:bf8:900:d:2::71       8443                                               239421600
  2001:bf8:900:d:2::71                                              56022       239421600
  2001:bf8:900:d:2::71                                                          239421600
                             8443   2001:760:4205:128::129:201                  239421600
                                    2001:760:4205:128::129:201      56022       239421600
                                    2001:760:4205:128::129:201                  239421600
          132.76.61.53                                                           42766800
          132.76.61.53                                                443        42730800
          132.76.61.53      53816                                                41178000

Metric Info:
377k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-07-12 10:00:50
End Time: ongoing

First Event Seen: 2025-07-12 09:58:00
Last Event Seen: 2025-07-12 10:01:00

Further Details:
https://primary.nemo.geant.org/alerts/details/377568/