[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #375875 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Jun 16 07:40:45 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, June 16, 2025 7:40:38 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #375875 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 375875

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  93410100      311367        11.6%   104.199.145.14
  44955600      149852         5.6%   35.229.205.246
  38890200      129634         4.8%   35.201.161.170
  38494500      128315         4.8%   35.221.208.125
  36918000      123060         4.6%   132.226.34.138
  33456300      111521         4.2%   35.221.237.123
  32363700      107879         4.0%   35.194.234.181
  31602000      105340         3.9%      35.234.39.3
  28532100       95107         3.5%   35.194.219.133
  27879000       92930         3.5%     34.80.171.82

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  951690000     3172300       118.3%     132.68.238.32
    5256300       17521         0.7%   128.139.225.244
    3548700       11829         0.4%     132.74.74.134
    2939400        9798         0.4%      192.114.5.10
    2353500        7845         0.3%        3.5.57.196
    2333700        7779         0.3%      132.76.61.51
    1984200        6614         0.2%     192.114.3.241
    1917000        6390         0.2%     132.72.202.57
    1858500        6195         0.2%     128.139.199.4
    1824600        6082         0.2%     128.139.200.5

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                              132.68.238.32               265805089500
                              132.68.238.32         80    148453797000
                              132.68.238.32               117344109600
                              132.68.238.32               117190298700
                         53   132.68.238.32                77360115600
  132.226.34.138                                    80     17570062500
  132.226.34.138                                           17570062500
                       9615   132.68.238.32                11413547400
  132.226.34.138       9615                                11413278000
      132.74.3.4                                   443      9999595200

Metric Info:
3M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-06-16 04:40:25
End Time: ongoing

First Event Seen: 2025-06-16 04:38:00
Last Event Seen: 2025-06-16 04:39:00

Further Details:
https://primary.nemo.geant.org/alerts/details/375875/

More information about the Nemo-ddos-list mailing list