[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376383 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 24 07:01:40 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 7:01:35 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376383 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376383

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  69162900      230543        14.2%    62.204.42.124
  56697000      188990        11.7%     31.172.80.90
  43764000      145880         9.0%   195.160.220.89
  40353000      134510         8.3%     43.250.53.25
  38472900      128243         7.9%     5.39.217.109
  24976200       83254         5.1%   185.244.128.79
  24074100       80247         5.0%    84.238.133.19
  23579400       78598         4.9%      85.17.90.43
  11940300       39801         2.5%    91.235.234.48
   8386500       27955         1.7%   141.11.164.180

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  6937800       23126         1.4%     132.71.146.63
  5910600       19702         1.2%     132.70.226.91
  4327200       14424         0.9%     132.66.253.21
  4296600       14322         0.9%     132.68.111.84
  4137600       13792         0.9%      132.74.73.29
  3666600       12222         0.8%     132.74.74.134
  3198900       10663         0.7%   128.139.225.244
  2117400        7058         0.4%      51.16.227.58
  1814700        6049         0.4%    192.114.23.221
  1799700        5999         0.4%     51.16.175.215

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                       443   132.71.146.63                10372668000
                             132.71.146.63                10372668000
     132.74.3.3                                   443     10095009600
     132.74.3.3                                           10095009600
                       443   132.70.226.91                 8732269200
                             132.70.226.91                 8732269200
  52.222.236.74        443                                 8730231600
  52.222.236.74                                 55764      8730231600
  52.222.236.74                                            8730231600
                             132.70.226.91      55764      8730231600

Metric Info:
3M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-06-24 04:01:21
End Time: ongoing

First Event Seen: 2025-06-24 03:59:00
Last Event Seen: 2025-06-24 04:00:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376383/

More information about the Nemo-ddos-list mailing list