[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376371 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 24 03:56:47 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 3:56:33 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376371 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376371

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  42293400      140978        15.2%    62.204.42.124
  27739200       92464         9.9%     31.172.80.90
  24141600       80472         8.7%    84.238.133.19
  14615700       48719         5.2%     5.39.217.109
  14530800       48436         5.2%    84.238.133.38
  14476500       48255         5.2%   185.244.128.79
  13224300       44081         4.7%     43.250.53.25
   8957400       29858         3.2%       132.74.3.3
   7753800       25846         2.8%      85.17.90.43
   7365000       24550         2.6%    132.66.253.21

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  7169700       23899         2.6%     132.66.253.21
  6251400       20838         2.2%   128.139.225.244
  3616500       12055         1.3%     132.74.74.134
  3582900       11943         1.3%     132.68.111.84
  3535800       11786         1.3%     51.16.175.215
  3512700       11709         1.3%        3.5.58.193
  3231600       10772         1.2%     192.114.3.241
  2328900        7763         0.8%       16.12.14.10
  1682100        5607         0.6%    132.71.108.233
  1475400        4918         0.5%     128.139.200.5

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
     132.74.3.3                                     443     13049144400
     132.74.3.3                                             13049144400
  132.66.253.21                                     443     10776137100
  132.66.253.21                                             10776137100
                             128.139.225.244                 8046550500
                       443   128.139.225.244                 7818019800
                       443     132.66.253.21                 7800319200
                               132.66.253.21                 7800319200
                               132.68.111.84                 5267371800
                       443     132.68.111.84                 5267361000

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-06-24 00:56:22
End Time: ongoing

First Event Seen: 2025-06-24 00:54:00
Last Event Seen: 2025-06-24 00:55:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376371/

More information about the Nemo-ddos-list mailing list