[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #206076 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 3 06:42:06 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 3, 2025 6:41:59 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #206076 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 206076

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                     Src IP
-------------------------------------------------------------
  59181300      197271        14.9%   2a00:1450:4002:809::201b
  54745500      182485        13.8%   2a00:1450:4002:411::201b
  47503800      158346        12.0%   2a00:1450:4002:414::201b
  46173000      153910        11.6%   2a00:1450:4002:410::201b
  23436000       78120         5.9%             185.156.109.45
  20177700       67259         5.1%               5.182.37.200
   8565300       28551         2.2%             74.112.186.163
   7749000       25830         2.0%             216.58.204.138
   7507500       25025         1.9%                 132.74.3.3
   6975300       23251         1.8%              34.104.35.123

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                 Dst IP
---------------------------------------------------------
  30507000      101690         7.7%    2001:bf8:900:d:1::8
  25773000       85910         6.5%   2001:bf8:900:d:1::19
  25393500       84645         6.4%   2001:bf8:900:d:1::f6
  25349700       84499         6.4%   2001:bf8:900:d:1::1f
  22270200       74234         5.6%   2001:bf8:900:d:1::14
  14756100       49187         3.7%   2001:bf8:900:d:1::2a
  11282100       37607         2.8%   2001:bf8:900:d:1::5e
  10332600       34442         2.6%   2001:bf8:900:d:1::e6
   9887100       32957         2.5%          132.74.56.132
   9144600       30482         2.3%   2001:bf8:900:d:1::57

Top-10 Possible Targets by Bytes:
                    Src IP   Src Port                Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------------------------
  2a00:1450:4002:809::201b        443                                      75658554600
  2a00:1450:4002:809::201b                                                 75658554600
  2a00:1450:4002:411::201b        443                                      69987078600
  2a00:1450:4002:411::201b                                                 69987078600
  2a00:1450:4002:414::201b        443                                      59412395100
  2a00:1450:4002:414::201b                                                 59412395100
  2a00:1450:4002:410::201b        443                                      57703251600
  2a00:1450:4002:410::201b                                                 57703251600
                                  443   2001:bf8:900:d:1::8                39033558600
                                        2001:bf8:900:d:1::8                39033558600

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-06-03 03:41:52
End Time: ongoing

First Event Seen: 2025-06-03 03:39:00
Last Event Seen: 2025-06-03 03:40:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/206076/

More information about the Nemo-ddos-list mailing list