[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #205992 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Jun 1 07:44:18 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, June 1, 2025 7:44:06 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #205992 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 205992

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  72805200      242684        35.8%    146.75.122.172
  17232000       57440         8.5%      5.182.37.200
  10699200       35664         5.3%        132.74.3.2
   7493400       24978         3.7%   162.159.140.167
   6190500       20635         3.0%   199.232.214.172
   6091500       20305         3.0%   199.232.210.172
   5334300       17781         2.6%      184.25.53.43
   4470000       14900         2.2%     23.213.161.20
   3035400       10118         1.5%    199.232.82.172
   2314200        7714         1.1%   128.139.226.100

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  7404300       24681         3.6%      132.76.72.35
  2757300        9191         1.4%   199.232.210.172
  2686500        8955         1.3%   199.232.214.172
  2604900        8683         1.3%   128.139.225.244
  2342400        7808         1.2%          3.5.57.7
  2311500        7705         1.1%      51.16.227.58
  2099700        6999         1.0%      132.76.61.54
  2062500        6875         1.0%      192.114.5.10
  2013300        6711         1.0%     132.71.124.46
  2007600        6692         1.0%     132.71.124.37

Top-10 Possible Targets by Bytes:
           Src IP   Src Port         Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
   146.75.122.172                                         104276050200
   146.75.122.172        443                               95450998200
       132.74.3.2                                  443     15524164200
       132.74.3.2                                          15524164200
  162.159.140.167        443                               11188681200
  162.159.140.167                                          11188681200
  162.159.140.167                                64173     11065026300
                         443   132.76.72.35                11065026300
                               132.76.72.35      64173     11065026300
                               132.76.72.35                11065026300

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-06-01 04:44:00
End Time: ongoing

First Event Seen: 2025-06-01 04:41:00
Last Event Seen: 2025-06-01 04:42:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/205992/

More information about the Nemo-ddos-list mailing list