[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377820 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jul 15 00:52:15 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, July 15, 2025 12:52:05 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377820 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 377820

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  50532300      168441        10.6%   194.163.35.142
  49454700      164849        10.3%    153.92.220.99
  39891600      132972         8.3%   82.180.152.142
  39705000      132350         8.3%    217.21.84.235
  39329100      131097         8.2%   31.220.106.167
  38828100      129427         8.1%   82.180.138.129
  38474100      128247         8.1%   185.187.241.27
  28095300       93651         5.9%   195.179.239.29
  11118000       37060         2.3%      31.13.84.52
   4930800       16436         1.0%     52.84.151.45

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  324561300     1081871        67.9%    128.139.34.240
   13970100       46567         2.9%   128.139.225.244
    4792800       15976         1.0%     128.139.200.4
    4755300       15851         1.0%     132.66.253.21
    3786900       12623         0.8%        132.74.3.3
    3737400       12458         0.8%     128.139.200.5
    3468000       11560         0.7%     13.107.136.10
    2791200        9304         0.6%     192.114.52.15
    2182200        7274         0.5%    132.76.220.169
    2139000        7130         0.4%      192.114.52.9

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                              128.139.34.240               454747359300
                              128.139.34.240               373701655200
                              128.139.34.240               373701025800
                              128.139.34.240         53     81045650100
   153.92.220.99                                            72192660000
  194.163.35.142                                            65700318600
   153.92.220.99                                            62852910000
   153.92.220.99                                            62852910000
   217.21.84.235                                            57993697500
  31.220.106.167                                            57407227500

Metric Info:
3M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-07-14 21:51:58
End Time: ongoing

First Event Seen: 2025-07-14 21:49:00
Last Event Seen: 2025-07-14 21:50:00

Further Details:
https://primary.nemo.geant.org/alerts/details/377820/

More information about the Nemo-ddos-list mailing list