[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #379161 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Jul 29 04:14:26 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, July 29, 2025 4:14:21 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #379161 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 379161
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
66104100 220347 14.3% 23.41.187.27
62315100 207717 13.5% 23.41.187.30
21589500 71965 4.7% 95.100.181.139
20895600 69652 4.5% 95.100.181.133
15334500 51115 3.3% 132.73.124.72
10256400 34188 2.2% 216.58.205.42
9580200 31934 2.1% 132.73.124.152
8710800 29036 1.9% 142.251.209.42
7514400 25048 1.6% 142.250.180.170
7348800 24496 1.6% 132.73.124.48
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
35330700 117769 7.6% 23.41.187.27
33564600 111882 7.2% 23.41.187.30
29156100 97187 6.3% 132.73.124.72
15620700 52069 3.4% 132.73.124.152
14583000 48610 3.1% 132.74.56.132
13182300 43941 2.8% 132.73.124.48
13179300 43931 2.8% 132.73.124.8
13078800 43596 2.8% 128.139.35.5
11869500 39565 2.6% 95.100.181.133
11547600 38492 2.5% 95.100.181.139
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
23.41.187.27 99049504500
23.41.187.27 443 98733984600
23.41.187.30 93378279600
23.41.187.30 443 93377020500
132.73.124.72 43260239100
443 132.73.124.72 43242960600
95.100.181.139 32332829400
95.100.181.139 443 32310700500
95.100.181.133 31317597000
95.100.181.133 443 31300923900
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate
Start Time: 2025-07-29 01:10:11
End Time: ongoing
First Event Seen: 2025-07-29 01:07:00
Last Event Seen: 2025-07-29 01:12:00
Further Details:
https://primary.nemo.geant.org/alerts/details/379161/
More information about the Nemo-ddos-list
mailing list