[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221042 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Fri Nov 14 06:09:56 IST 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, November 14, 2025 6:09:50 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221042 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 221042
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
69969600 233232 19.7% 132.74.3.2
38999700 129999 11.0% 132.74.3.3
28520700 95069 8.0% 132.74.3.4
12831000 42770 3.6% 142.251.209.42
11094900 36983 3.1% 132.74.20.45
9023700 30079 2.5% 142.250.180.170
7116600 23722 2.0% 51.17.9.57
6525900 21753 1.8% 199.232.82.172
6398100 21327 1.8% 216.58.204.138
6038100 20127 1.7% 91.239.216.15
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------
17032200 56774 4.8% 3.5.56.207
15477300 51591 4.4% 132.74.56.157
12693900 42313 3.6% 3.5.58.40
11460600 38202 3.2% 3.5.58.243
11094600 36982 3.1% 51.16.175.215
10634400 35448 3.0% 132.74.3.2
10609200 35364 3.0% 132.74.56.132
10418700 34729 2.9% 3.5.57.49
10241700 34139 2.9% 16.12.12.22
10210800 34036 2.9% 3.5.56.25
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------
132.74.3.2 443 101439336000
132.74.3.2 101439336000
132.74.3.3 443 56459217600
132.74.3.3 56459217600
132.74.3.4 443 41388120600
132.74.3.4 41388120600
443 132.74.56.157 22454253300
132.74.56.157 22454253300
3.5.56.207 443 22191919200
3.5.56.207 22191919200
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate.
Start Time: 2025-11-14 04:05:39
End Time: ongoing
First Event Seen: 2025-11-14 04:03:00
Last Event Seen: 2025-11-14 04:08:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/221042/
More information about the Nemo-ddos-list
mailing list