[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377924 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Jul 16 17:16:11 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, July 16, 2025 5:16:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377924 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 377924

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  40466100      134887         7.2%   95.101.122.138
  30212400      100708         5.4%   95.101.122.152
  14302200       47674         2.5%    162.125.69.15
  11586600       38622         2.1%   142.250.201.33
   9493800       31646         1.7%    132.73.124.72
   7700700       25669         1.4%     132.73.124.8
   6939000       23130         1.2%    34.104.35.123
   6405000       21350         1.1%     132.76.61.51
   6274200       20914         1.1%     184.25.54.62
   6192000       20640         1.1%   95.101.122.114

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  20551800       68506         3.7%    95.101.122.138
  19539900       65133         3.5%      132.76.61.52
  15777900       52593         2.8%      132.73.124.8
  15413100       51377         2.7%    95.101.122.152
  13251600       44172         2.4%     132.73.124.72
  12994200       43314         2.3%   128.139.225.244
  11585700       38619         2.1%    132.64.193.164
  11396700       37989         2.0%     162.125.69.18
   9549600       31832         1.7%     132.73.124.32
   9467100       31557         1.7%       132.66.79.8

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  95.101.122.138        443                                60322468500
  95.101.122.138                                           60322468500
  95.101.122.152        443                                45146142300
  95.101.122.152                                           45146142300
                               132.76.61.52                26689860900
                        443    132.76.61.52                26309007300
                               132.73.124.8                22009635600
                        443    132.73.124.8                22009361700
                              132.73.124.72                18211421700
                        443   132.73.124.72                18209624400

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-07-16 14:11:51
End Time: ongoing

First Event Seen: 2025-07-16 14:09:00
Last Event Seen: 2025-07-16 14:14:00

Further Details:
https://primary.nemo.geant.org/alerts/details/377924/