[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #367206 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 12 19:22:57 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, March 12, 2025 7:22:49 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #367206 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 367206

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  24922800       83076         5.9%        142.250.180.155
  22102500       73675         5.2%        142.251.143.123
  20376600       67922         4.8%        142.250.180.187
  20108400       67028         4.7%         216.58.204.251
  18332700       61109         4.3%         142.251.209.59
  18244800       60816         4.3%          216.58.205.59
  15422100       51407         3.6%         142.251.209.42
  12673200       42244         3.0%         142.251.209.27
  11904600       39682         2.8%   2001:bf8:900:d:2::71
  11142000       37140         2.6%          34.104.35.123

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  60420600      201402        14.2%      132.76.221.9
  28500900       95003         6.7%    132.76.221.210
  27597600       91992         6.5%     132.76.220.85
  19858200       66194         4.7%      132.64.60.15
  19803300       66011         4.7%    132.76.221.145
  15878100       52927         3.7%      192.114.5.10
   9515100       31717         2.2%     132.66.37.140
   9421500       31405         2.2%      132.76.61.53
   9343500       31145         2.2%   128.139.225.244
   8821800       29406         2.1%      132.76.61.54

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                         443     132.76.221.9                86694256200
                                 132.76.221.9                86694256200
                         443   132.76.221.210                40774584600
                               132.76.221.210                40774584600
                         443    132.76.220.85                39578577900
                                132.76.220.85                39578577900
  142.250.180.155        443                                 35505411900
  142.250.180.155                                            35505411900
  142.251.143.123        443                                 31752755400
  142.251.143.123                                            31752755400

Metric Info:
1M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate

Start Time: 2025-03-12 17:12:00
End Time: ongoing

First Event Seen: 2025-03-12 17:09:00
Last Event Seen: 2025-03-12 17:18:00

Further Details:
https://primary.nemo.geant.org/alerts/details/367206/

