[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #206062 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Jun 2 18:22:09 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, June 2, 2025 6:22:01 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #206062 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 206062

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                     Src IP
-------------------------------------------------------------
  39009000      130030        12.5%   2a00:1450:4002:402::201b
  33766800      112556        10.8%   2a00:1450:4002:416::201b
  32798700      109329        10.5%   2a00:1450:4002:415::201b
  29082000       96940         9.3%   2a00:1450:4002:403::201b
  19534200       65114         6.3%               5.182.37.200
   6387900       21293         2.1%             52.222.144.115
   6082800       20276         2.0%               18.161.97.22
   4022700       13409         1.3%             199.232.82.172
   3369300       11231         1.1%            162.159.140.167
   3253200       10844         1.0%              34.104.35.123

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                 Dst IP
---------------------------------------------------------
  25450200       84834         8.2%   2001:bf8:900:d:1::19
  22361400       74538         7.2%   2001:bf8:900:d:1::1f
  20794500       69315         6.7%   2001:bf8:900:d:1::f5
  19782600       65942         6.3%   2001:bf8:900:d:1::e6
  16680300       55601         5.4%    2001:bf8:900:d:1::a
  12821400       42738         4.1%   2001:bf8:900:d:1::cd
  12312600       41042         4.0%        128.139.225.244
   9327300       31091         3.0%          132.72.67.113
   8816700       29389         2.8%   2001:bf8:900:d:1::a8
   8666400       28888         2.8%         192.114.101.81

Top-10 Possible Targets by Bytes:
                    Src IP   Src Port                 Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------------------------
  2a00:1450:4002:402::201b        443                                       49918072200
  2a00:1450:4002:402::201b                                                  49918072200
  2a00:1450:4002:416::201b        443                                       43215767400
  2a00:1450:4002:416::201b                                                  43215767400
  2a00:1450:4002:415::201b        443                                       41977773000
  2a00:1450:4002:415::201b                                                  41977773000
  2a00:1450:4002:403::201b        443                                       37222124700
  2a00:1450:4002:403::201b                                                  37222124700
                                  443   2001:bf8:900:d:1::19                32568588600
                                        2001:bf8:900:d:1::19                32568588600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-06-02 15:21:52
End Time: ongoing

First Event Seen: 2025-06-02 15:19:00
Last Event Seen: 2025-06-02 15:20:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/206062/

More information about the Nemo-ddos-list mailing list