[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #204093 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]
Hank Nussbacher
hank at mail.iucc.ac.il
Thu May 1 06:02:59 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, May 1, 2025 6:02:49 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #204093 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]
Please find the analysis details for the Alert ID: 204093
Top-10 Src IPs by Packets:
Packets    Est. Rate   % of Total   Src IP
----------------------------------------------------
29583900   98613       13.6%        184.25.52.205
12533400   41778       5.8%         142.250.180.170
7714800    25716       3.5%         132.74.20.45
7525500    25085       3.5%         216.58.204.234
6991200    23304       3.2%         216.58.204.138
3971100    13237       1.8%         162.159.140.220
3716100    12387       1.7%         94.24.37.212
3623700    12079       1.7%         162.125.69.22
3512400    11708       1.6%         142.250.180.142
3225300    10751       1.5%         17.253.122.201
Top-10 Dst IPs by Packets:
Packets    Est. Rate   % of Total   Dst IP
----------------------------------------------------
22791000   75970       10.5%        132.64.163.254
18857100   62857       8.7%         192.114.101.28
7714800    25716       3.5%         51.16.175.215
6604500    22015       3.0%         132.66.218.48
6162900    20543       2.8%         132.74.56.131
4968600    16562       2.3%         128.139.225.245
3736500    12455       1.7%         192.114.3.241
3716100    12387       1.7%         132.72.235.162
3608700    12029       1.7%         132.67.130.128
2718300    9061        1.2%         132.64.244.4
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------------
184.25.52.205 443 44159677500
184.25.52.205 44159677500
443 132.64.163.254 33088923000
132.64.163.254 33088923000
443 192.114.101.28 27460745100
192.114.101.28 27460745100
142.250.180.170 443 17923582200
142.250.180.170 17923582200
132.74.20.45 4500 11221920000
132.74.20.45 4500 11221920000
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate.
Start Time: 2025-05-01 03:02:41
End Time: ongoing
First Event Seen: 2025-05-01 03:00:00
Last Event Seen: 2025-05-01 03:01:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/204093/