[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #205887 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Fri May 30 07:44:09 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, May 30, 2025 7:44:01 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #205887 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 205887

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  58197000      193990        23.3%   146.75.122.172
  35643900      118813        14.3%     5.182.37.200
   9602700       32009         3.8%      2.19.198.48
   9353400       31178         3.7%    23.213.161.20
   8070900       26903         3.2%     23.213.161.7
   7614000       25380         3.1%     23.32.238.96
   6313500       21045         2.5%    216.58.205.42
   4650300       15501         1.9%    34.104.35.123
   3519300       11731         1.4%    162.125.69.14
   3102300       10341         1.2%   216.58.204.138

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  6833100       22777         2.7%     132.74.56.132
  6742800       22476         2.7%      192.114.5.10
  3702600       12342         1.5%   128.139.225.244
  3413100       11377         1.4%     192.114.3.241
  3198000       10660         1.3%      132.70.60.72
  3022500       10075         1.2%     128.139.200.4
  2344500        7815         0.9%    132.71.124.148
  2330400        7768         0.9%     132.74.73.159
  2203500        7345         0.9%     132.71.124.43
  2149200        7164         0.9%    132.71.124.141

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
  146.75.122.172                                    83410136100
  146.75.122.172        443                         77296920600
     2.19.198.48        443                         14266866600
     2.19.198.48                                    14266866600
   23.213.161.20                                    14002552200
   23.213.161.20        443                         14002084200
    23.213.161.7        443                         12003845700
    23.213.161.7                                    12003845700
    23.32.238.96                                    11333454900
    23.32.238.96        443                         11328954900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-05-30 04:43:54
End Time: ongoing

First Event Seen: 2025-05-30 04:41:00
Last Event Seen: 2025-05-30 04:42:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/205887/

More information about the Nemo-ddos-list mailing list