[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376371 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 24 04:00:44 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 4:00:37 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376371 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376371

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  79270800      264236        16.2%    62.204.42.124
  65403900      218013        13.4%     31.172.80.90
  40888200      136294         8.4%    84.238.133.19
  40134000      133780         8.2%     5.39.217.109
  29088900       96963         5.9%   185.244.128.79
  24716400       82388         5.1%    84.238.133.38
  21953400       73178         4.5%     43.250.53.25
  20853000       69510         4.3%   195.160.220.89
  18274500       60915         3.7%      85.17.90.43
  11265900       37553         2.3%       132.74.3.3

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  9366000       31220         1.9%     132.66.253.21
  7253700       24179         1.5%   128.139.225.244
  5889300       19631         1.2%     51.16.175.215
  4517100       15057         0.9%     132.68.111.84
  4306200       14354         0.9%     132.74.74.134
  4170600       13902         0.9%        3.5.58.193
  3462300       11541         0.7%     192.114.3.241
  2328900        7763         0.5%       16.12.14.10
  1717800        5726         0.4%    132.71.108.233
  1709100        5697         0.3%     128.139.200.5

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
     132.74.3.3                                     443     16401797400
     132.74.3.3                                             16401797400
  132.66.253.21                                     443     13465853700
  132.66.253.21                                             13465853700
                       443     132.66.253.21                10372037700
                               132.66.253.21                10372037700
                             128.139.225.244                 9352654500
                       443   128.139.225.244                 9084472800
   132.74.20.45       4500                                   8348470800
   132.74.20.45                                    4500      8108607600

Metric Info:
5M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-06-24 00:56:22
End Time: ongoing

First Event Seen: 2025-06-24 00:54:00
Last Event Seen: 2025-06-24 00:59:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376371/

More information about the Nemo-ddos-list mailing list