[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #206041 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Jun 2 07:44:14 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, June 2, 2025 7:44:01 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #206041 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 206041

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  65685000      218950        28.0%    146.75.122.172
  20856900       69523         8.9%      5.182.37.200
  19179300       63931         8.2%        132.74.3.4
   8896200       29654         3.8%    60.190.226.186
   7140900       23803         3.0%    60.190.226.187
   5879700       19599         2.5%   199.232.210.172
   5603100       18677         2.4%   199.232.214.172
   5474100       18247         2.3%      184.25.53.43
   3482100       11607         1.5%   162.159.140.167
   3009600       10032         1.3%      172.66.0.165

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  5938500       19795         2.5%      132.76.72.35
  4620000       15400         2.0%   128.139.225.244
  4057500       13525         1.7%        3.5.56.150
  2977800        9926         1.3%        3.5.57.196
  2904900        9683         1.2%        3.5.58.229
  2753100        9177         1.2%     132.68.111.84
  2561400        8538         1.1%   199.232.210.172
  2403600        8012         1.0%   199.232.214.172
  1957800        6526         0.8%      192.114.5.10
  1894800        6316         0.8%     128.139.200.4

Top-10 Possible Targets by Bytes:
           Src IP   Src Port         Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
   146.75.122.172                                          94257228600
   146.75.122.172        443                               87095429100
       132.74.3.4                                  443     27816626400
       132.74.3.4                                          27816626400
                         443   132.76.72.35                 8830844100
                               132.76.72.35                 8830844100
     184.25.53.43        443                                8195014800
     184.25.53.43                                           8195014800
  199.232.210.172         80                                8189996700
  199.232.210.172                                           8189996700

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-06-02 04:43:53
End Time: ongoing

First Event Seen: 2025-06-02 04:41:00
Last Event Seen: 2025-06-02 04:42:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/206041/

More information about the Nemo-ddos-list mailing list