[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #206062 CRIT: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Jun 2 18:26:13 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, June 2, 2025 6:26:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #206062 CRIT: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 206062

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                     Src IP
-------------------------------------------------------------
  54862800      182876        13.5%   2a00:1450:4002:402::201b
  50308500      167695        12.4%   2a00:1450:4002:416::201b
  49944600      166482        12.3%   2a00:1450:4002:415::201b
  42894600      142982        10.6%   2a00:1450:4002:403::201b
  23568000       78560         5.8%               5.182.37.200
   6387900       21293         1.6%             52.222.144.115
   6146100       20487         1.5%               18.161.97.22
   4435800       14786         1.1%             199.232.82.172
   4274700       14249         1.1%              34.104.35.123
   3369300       11231         0.8%            162.159.140.167

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                 Dst IP
---------------------------------------------------------
  33280500      110935         8.2%   2001:bf8:900:d:1::19
  30964500      103215         7.6%   2001:bf8:900:d:1::1f
  30093600      100312         7.4%   2001:bf8:900:d:1::f5
  28751400       95838         7.1%   2001:bf8:900:d:1::e6
  26709900       89033         6.6%    2001:bf8:900:d:1::a
  22104900       73683         5.4%   2001:bf8:900:d:1::cd
  14858700       49529         3.7%        128.139.225.244
  13378500       44595         3.3%   2001:bf8:900:d:1::a8
  13341300       44471         3.3%         192.114.101.81
  12727200       42424         3.1%   2001:bf8:900:d:1::d6

Top-10 Possible Targets by Bytes:
                    Src IP   Src Port                 Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------------------------
  2a00:1450:4002:402::201b        443                                       70210936200
  2a00:1450:4002:402::201b                                                  70210936200
  2a00:1450:4002:416::201b        443                                       64388415600
  2a00:1450:4002:416::201b                                                  64388415600
  2a00:1450:4002:415::201b        443                                       63922185600
  2a00:1450:4002:415::201b                                                  63922185600
  2a00:1450:4002:403::201b        443                                       54902252700
  2a00:1450:4002:403::201b                                                  54902252700
                                  443   2001:bf8:900:d:1::19                42591372600
                                        2001:bf8:900:d:1::19                42591372600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-06-02 15:21:52
End Time: ongoing

First Event Seen: 2025-06-02 15:19:00
Last Event Seen: 2025-06-02 15:24:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/206062/

More information about the Nemo-ddos-list mailing list