[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376028 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Jun 18 19:14:57 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, June 18, 2025 7:14:36 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376028 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376028

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  5935800       19786         3.5%       157.240.0.6
  5734200       19114         3.4%       3.5.138.100
  5020200       16734         2.9%     52.105.249.53
  3983700       13279         2.3%      132.64.86.34
  3836100       12787         2.3%     34.104.35.123
  3475800       11586         2.0%   149.165.224.213
  3466500       11555         2.0%    103.174.130.24
  2821500        9405         1.7%    199.232.82.172
  2717400        9058         1.6%     54.231.169.89
  2551500        8505         1.5%        3.5.139.14

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  180208200      600694       105.8%    128.139.200.10
   11816100       39387         6.9%   128.139.225.244
   10510200       35034         6.2%      132.68.38.72
    6860400       22868         4.0%     132.68.39.242
    5754300       19181         3.4%     132.68.161.76
    5020200       16734         2.9%      132.75.16.88
    3475800       11586         2.0%   192.114.101.113
    3464700       11549         2.0%      132.76.61.52
    3267300       10891         1.9%     132.68.111.84
    3261900       10873         1.9%     128.139.200.4

Top-10 Possible Targets by Bytes:
       Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                            128.139.200.10        161     15930939900
                            128.139.200.10                15930939900
                     443      132.68.38.72                15399460200
                              132.68.38.72                15399460200
                           128.139.225.244                12478748700
                     443     132.68.39.242                10131463800
                             132.68.39.242                10131463800
                     443   128.139.225.244                 8716696200
  157.240.0.6                                              8445801300
  157.240.0.6        443                                   8445785700

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-06-18 16:14:21
End Time: ongoing

First Event Seen: 2025-06-18 16:12:00
Last Event Seen: 2025-06-18 16:13:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376028/