[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #367207 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 12 19:23:02 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, March 12, 2025 7:22:53 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #367207 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 367207

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  24922800       83076         5.3%        142.250.180.155
  22102500       73675         4.7%        142.251.143.123
  20376900       67923         4.3%        142.250.180.187
  20110200       67034         4.3%         216.58.204.251
  18332700       61109         3.9%         142.251.209.59
  18244800       60816         3.9%          216.58.205.59
  15571800       51906         3.3%         142.251.209.42
  12673200       42244         2.7%         142.251.209.27
  11904600       39682         2.5%   2001:bf8:900:d:2::71
  11142000       37140         2.4%          34.104.35.123

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  60420600      201402        12.9%      132.76.221.9
  28500900       95003         6.1%    132.76.221.210
  27597600       91992         5.9%     132.76.220.85
  19858200       66194         4.2%      132.64.60.15
  19803300       66011         4.2%    132.76.221.145
  17648400       58828         3.8%      192.114.5.10
  15567600       51892         3.3%   128.139.225.244
   9515100       31717         2.0%     132.66.37.140
   9394200       31314         2.0%      132.76.61.53
   8792400       29308         1.9%      132.76.61.54

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                         443     132.76.221.9                86694256200
                                 132.76.221.9                86694256200
                         443   132.76.221.210                40774584600
                               132.76.221.210                40774584600
                         443    132.76.220.85                39578577900
                                132.76.220.85                39578577900
  142.250.180.155        443                                 35505411900
  142.250.180.155                                            35505411900
  142.251.143.123        443                                 31752755400
  142.251.143.123                                            31752755400

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-03-12 17:12:00
End Time: ongoing

First Event Seen: 2025-03-12 17:09:00
Last Event Seen: 2025-03-12 17:18:00

Further Details:
https://primary.nemo.geant.org/alerts/details/367207/

More information about the Nemo-ddos-list mailing list