[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #375964 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Jun 18 01:19:42 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, June 18, 2025 1:19:34 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #375964 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 375964

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  23051100       76837         9.1%    52.222.136.15
  22912500       76375         9.1%   52.222.136.125
  22446600       74822         8.9%   52.222.136.124
  22388400       74628         8.9%    52.222.136.65
  12660900       42203         5.0%   213.246.45.154
   8522100       28407         3.4%     3.164.82.184
   5152800       17176         2.0%    132.66.253.21
   4505100       15017         1.8%    34.104.35.123
   3668100       12227         1.5%   216.58.204.234
   3558300       11861         1.4%   103.174.130.24

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  90813300      302711        36.0%      132.70.60.10
   8862600       29542         3.5%   128.139.225.244
   8522100       28407         3.4%     132.65.180.13
   6574800       21916         2.6%     132.66.253.21
   5568000       18560         2.2%      192.114.52.6
   2963400        9878         1.2%     132.68.111.84
   2658900        8863         1.1%     128.139.200.4
   2547000        8490         1.0%     128.139.200.5
   2537100        8457         1.0%     132.74.68.186
   2416200        8054         1.0%     51.16.175.215

Top-10 Possible Targets by Bytes:
          Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                        443   132.70.60.10               134269312500
                              132.70.60.10               134269312500
   52.222.136.15        443                               34088613000
   52.222.136.15                                          34088613000
  52.222.136.125        443                               33882963600
  52.222.136.125                                          33882963600
  52.222.136.124        443                               33191916000
  52.222.136.124                                          33191916000
   52.222.136.65        443                               33086167200
   52.222.136.65                                          33086167200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-06-17 22:19:26
End Time: ongoing

First Event Seen: 2025-06-17 22:17:00
Last Event Seen: 2025-06-17 22:18:00

Further Details:
https://primary.nemo.geant.org/alerts/details/375964/