[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376383 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 24 07:05:48 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 7:05:41 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376383 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376383

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  110643600      368812        13.9%    62.204.42.124
  102466800      341556        12.9%     31.172.80.90
   68569500      228565         8.6%     43.250.53.25
   65304600      217682         8.2%   195.160.220.89
   64725900      215753         8.1%     5.39.217.109
   44834400      149448         5.6%    84.238.133.19
   42573300      141911         5.3%      85.17.90.43
   38557800      128526         4.8%   185.244.128.79
   20863200       69544         2.6%    91.235.234.48
   17951400       59838         2.3%    185.204.52.33

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  6998700       23329         0.9%     132.70.226.91
  6937800       23126         0.9%     132.71.146.63
  5573400       18578         0.7%     132.66.253.21
  5073600       16912         0.6%      132.74.73.29
  4961700       16539         0.6%     132.68.111.84
  4646700       15489         0.6%     132.74.74.134
  3736500       12455         0.5%   128.139.225.244
  3151200       10504         0.4%     51.16.175.215
  2826000        9420         0.4%    132.71.138.160
  2271300        7571         0.3%         3.5.56.12

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
     132.74.3.3                                   443     12346101000
     132.74.3.3                                           12346101000
   184.25.53.43        443                                11132903100
   184.25.53.43                                           11132903100
                       443   132.71.146.63                10372668000
                             132.71.146.63                10372668000
                       443   132.70.226.91                10341840600
                             132.70.226.91                10341840600
  52.222.236.74        443                                10339803000
  52.222.236.74                                 55764     10339803000

Metric Info:
6M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-06-24 04:01:21
End Time: ongoing

First Event Seen: 2025-06-24 03:59:00
Last Event Seen: 2025-06-24 04:04:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376383/

More information about the Nemo-ddos-list mailing list