[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #204238 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

[Hank Nussbacher]

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, May 3, 2025 6:10:54 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #204238 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 204238

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                     Src IP
-------------------------------------------------------------
  34934400      116448        10.5%   2a00:1450:4002:415::201b
  34754700      115849        10.4%   2a00:1450:4002:414::201b
  29604300       98681         8.9%   2a00:1450:4002:411::201b
  28317000       94390         8.5%   2a00:1450:4002:416::201b
   6855900       22853         2.1%               172.66.0.218
   5158200       17194         1.6%               3.164.182.30
   5102100       17007         1.5%               3.160.196.28
   4587600       15292         1.4%              162.125.69.15
   4578900       15263         1.4%              216.58.205.59
   4464300       14881         1.3%              216.58.205.42

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                 Dst IP
---------------------------------------------------------
  10304700       34349         3.1%   2001:bf8:900:d:1::1a
  10005900       33353         3.0%    2001:bf8:900:d:1::a
   9687300       32291         2.9%        128.139.225.245
   9151500       30505         2.8%   2001:bf8:900:d:1::14
   9057000       30190         2.7%   2001:bf8:900:d:1::11
   8211000       27370         2.5%         192.114.101.36
   7919700       26399         2.4%   2001:bf8:900:d:1::e6
   7566300       25221         2.3%         192.114.101.27
   7471500       24905         2.2%   2001:bf8:900:d:1::2c
   7445400       24818         2.2%           132.68.38.42

Top-10 Possible Targets by Bytes:
                    Src IP   Src Port                Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------------------------
  2a00:1450:4002:415::201b        443                                      44340777000
  2a00:1450:4002:415::201b                                                 44340777000
  2a00:1450:4002:414::201b        443                                      44046200700
  2a00:1450:4002:414::201b                                                 44046200700
  2a00:1450:4002:411::201b        443                                      37570031400
  2a00:1450:4002:411::201b                                                 37570031400
  2a00:1450:4002:416::201b        443                                      35856436200
  2a00:1450:4002:416::201b                                                 35856436200
                                  443   2001:bf8:900:d:1::a                12700757400
                                        2001:bf8:900:d:1::a                12700757400

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-05-03 15:10:44
End Time: ongoing

First Event Seen: 2025-05-03 15:07:00
Last Event Seen: 2025-05-03 15:09:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/204238/