[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #366668 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Mar 8 23:36:15 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, March 8, 2025 11:19:19 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #366668 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 366668

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  8726400       29088         1.8%    38.107.236.100
  5466000       18220         1.1%    46.105.153.138
  5418000       18060         1.1%    177.154.154.23
  5279400       17598         1.1%      63.224.243.5
  5114100       17047         1.1%     42.191.97.120
  4995300       16651         1.0%      67.20.167.98
  4965000       16550         1.0%   192.162.102.197
  4815900       16053         1.0%         121.1.3.5
  4743600       15812         1.0%        58.26.3.54
  4474500       14915         0.9%     103.225.97.75

Top-10 Dst IPs by Packets:
     Packets   Est. Rate   % of Total            Dst IP
------------------------------------------------------
  1794931500     5983105       376.4%    132.74.189.143
     6135000       20450         1.3%   128.139.225.244
     3401700       11339         0.7%      51.16.227.58
     3211500       10705         0.7%     51.16.175.215
     1309500        4365         0.3%     192.114.52.14
     1289700        4299         0.3%    192.115.44.111
     1236000        4120         0.3%     192.114.52.12
     1042800        3476         0.2%     192.114.52.10
      948600        3162         0.2%      192.114.52.3
      872700        2909         0.2%      192.114.52.1

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                      132.74.189.143              1971440767800
                      132.74.189.143              1045296777000
                      132.74.189.143              1045296756900
                      132.74.189.143         80    725798849100
                 53   132.74.189.143               724443596700
                123   132.74.189.143               200317946700
                      132.74.189.143      34844     18414486000
                      132.74.189.143      42107     18406256400
                      132.74.189.143      33328     18218617200
                      132.74.189.143       3160     18209404800

Metric Info:
6M UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2025-03-08 21:13:05
End Time: ongoing

First Event Seen: 2025-03-08 21:10:00
Last Event Seen: 2025-03-08 21:17:00

Further Details:
https://primary.nemo.geant.org/alerts/details/366668/