[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #206076 CRIT: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 3 06:55:09 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 3, 2025 6:55:03 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #206076 CRIT: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 206076

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                     Src IP
-------------------------------------------------------------
  83045400      276818        15.9%   2a00:1450:4002:809::201b
  75916200      253054        14.6%   2a00:1450:4002:411::201b
  67476300      224921        12.9%   2a00:1450:4002:414::201b
  67199100      223997        12.9%   2a00:1450:4002:410::201b
  27904800       93016         5.4%             185.156.109.45
  24298200       80994         4.7%               5.182.37.200
   9156600       30522         1.8%             74.112.186.163
   8976300       29921         1.7%                 132.74.3.3
   8633100       28777         1.7%              34.104.35.123
   8007900       26693         1.5%             216.58.204.138

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                 Dst IP
---------------------------------------------------------
  42428700      141429         8.1%    2001:bf8:900:d:1::8
  38348100      127827         7.4%   2001:bf8:900:d:1::1f
  37190700      123969         7.1%   2001:bf8:900:d:1::19
  35561700      118539         6.8%   2001:bf8:900:d:1::f6
  31327800      104426         6.0%   2001:bf8:900:d:1::14
  20825100       69417         4.0%   2001:bf8:900:d:1::2a
  16824600       56082         3.2%   2001:bf8:900:d:1::5e
  14058900       46863         2.7%   2001:bf8:900:d:1::57
  12307200       41024         2.4%          132.74.56.132
  12157800       40526         2.3%   2001:bf8:900:d:1::ae

Top-10 Possible Targets by Bytes:
                    Src IP   Src Port                Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------------------------
  2a00:1450:4002:809::201b        443                                     106202992800
  2a00:1450:4002:809::201b                                                106202992800
  2a00:1450:4002:411::201b        443                                      97085248200
  2a00:1450:4002:411::201b                                                 97085248200
  2a00:1450:4002:414::201b        443                                      84976090500
  2a00:1450:4002:414::201b                                                 84976090500
  2a00:1450:4002:410::201b        443                                      84615293400
  2a00:1450:4002:410::201b                                                 84615293400
                                  443   2001:bf8:900:d:1::8                54292797000
                                        2001:bf8:900:d:1::8                54292797000

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-06-03 03:41:52
End Time: ongoing

First Event Seen: 2025-06-03 03:39:00
Last Event Seen: 2025-06-03 03:53:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/206076/

More information about the Nemo-ddos-list mailing list