[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #366669 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Mar 8 23:36:12 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, March 8, 2025 11:19:35 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #366669 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 366669

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  64061700      213539         9.5%     83.222.191.62
  11407500       38025         1.7%    142.251.209.10
   9362100       31207         1.4%   142.250.180.170
   8726400       29088         1.3%    38.107.236.100
   8012100       26707         1.2%    216.58.204.138
   6746400       22488         1.0%    216.58.204.234
   5895900       19653         0.9%    74.125.128.207
   5466000       18220         0.8%    46.105.153.138
   5418000       18060         0.8%    177.154.154.23
   5348700       17829         0.8%   142.250.180.138

Top-10 Dst IPs by Packets:
     Packets   Est. Rate   % of Total            Dst IP
------------------------------------------------------
  1802645700     6008819       266.1%    132.74.189.143
    14545800       48486         2.1%   128.139.225.244
     9918900       33063         1.5%     132.72.53.209
     9274800       30916         1.4%     132.66.37.140
     9167400       30558         1.4%    132.64.186.144
     8232300       27441         1.2%      132.66.37.68
     8043900       26813         1.2%     132.66.37.166
     5941200       19804         0.9%     132.74.38.117
     4963500       16545         0.7%     128.139.200.5
     3702300       12341         0.5%     128.139.200.4

Top-10 Possible Targets by Bytes:
  Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
                      132.74.189.143              1971558504000
                      132.74.189.143              1044825444000
                      132.74.189.143              1044102145200
                      132.74.189.143         80    725023834800
                 53   132.74.189.143               723668049600
                123   132.74.189.143               198520967100
                      132.74.189.143      42107     18325947600
                      132.74.189.143      34844     18249235200
                      132.74.189.143      33328     18153752400
                      132.74.189.143       3160     18140047200

Metric Info:
7M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-03-08 21:13:08
End Time: ongoing

First Event Seen: 2025-03-08 21:10:00
Last Event Seen: 2025-03-08 21:17:00

Further Details:
https://primary.nemo.geant.org/alerts/details/366669/

More information about the Nemo-ddos-list mailing list