[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377567 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Jul 12 13:03:30 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, July 12, 2025 1:03:24 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377567 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 377567

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  13868100       46227        18.3%     132.248.26.32
   9477600       31592        12.5%       31.13.84.52
   6759000       22530         8.9%   216.218.240.254
   3835800       12786         5.1%     104.243.38.74
   1841700        6139         2.4%    213.14.166.200
   1709700        5699         2.3%    213.165.91.225
   1653000        5510         2.2%   128.139.225.244
   1371000        4570         1.8%    157.240.252.63
   1225200        4084         1.6%      192.114.52.3
    988200        3294         1.3%        31.13.84.4

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  147179700      490599       194.4%     132.72.118.41
    8343600       27812        11.0%   128.139.225.244
    1401300        4671         1.9%    142.250.27.207
    1161300        3871         1.5%    132.73.124.193
     998700        3329         1.3%       132.70.66.9
     918300        3061         1.2%      192.114.52.3
     716700        2389         0.9%    208.67.222.222
     687300        2291         0.9%     192.114.52.14
     650400        2168         0.9%      192.114.52.7
     649800        2166         0.9%       31.13.84.52

Top-10 Possible Targets by Bytes:
       Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                             132.72.118.41               142556736600
                             132.72.118.41                83605500300
                             132.72.118.41                83605500300
                             132.72.118.41        443     58950786300
                      53     132.72.118.41                56825327700
  31.13.84.52        443                                  11678670600
  31.13.84.52                                             11678670600
                           128.139.225.244                 9534532800
                     443   128.139.225.244                 8774311800
                            142.250.27.207        443      2044701600

Metric Info:
873k UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2025-07-12 09:59:56
End Time: ongoing

First Event Seen: 2025-07-12 09:57:00
Last Event Seen: 2025-07-12 10:01:00

Further Details:
https://primary.nemo.geant.org/alerts/details/377567/