[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #215563 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Oct 4 03:21:40 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, October 4, 2025 3:21:33 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #215563 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 215563

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  37038600      123462        28.0%     52.222.136.15
   9967800       33226         7.5%    52.222.136.124
   8819400       29398         6.7%    52.222.136.125
   7687800       25626         5.8%     52.222.136.65
   4411200       14704         3.3%     132.66.46.209
   3484500       11615         2.6%   172.217.168.202
   3454500       11515         2.6%     132.74.243.81
   3255600       10852         2.5%      132.69.32.30
   2717400        9058         2.1%       132.70.19.4
   2601000        8670         2.0%   192.114.101.113

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  63517500      211725        48.1%     132.70.60.180
   5269500       17565         4.0%     132.74.74.134
   3473700       11579         2.6%   142.250.180.138
   3403500       11345         2.6%     216.58.205.42
   2717400        9058         2.1%     20.209.177.33
   2007000        6690         1.5%     13.107.138.10
   1884900        6283         1.4%    142.251.209.42
   1390500        4635         1.1%     52.98.237.162
   1303800        4346         1.0%       132.70.19.4
   1183200        3944         0.9%    142.251.209.10

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                        443   132.70.60.180                93934890900
                              132.70.60.180                93934890900
   52.222.136.15        443                                54772236600
   52.222.136.15                                           54772236600
  52.222.136.124        443                                14742870000
  52.222.136.124                                           14742870000
  52.222.136.125        443                                13044586800
  52.222.136.125                                           13044586800
   52.222.136.65        443                                11370255000
   52.222.136.65                                           11370255000

Metric Info:
651k Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-10-04 00:21:26
End Time: ongoing

First Event Seen: 2025-10-04 00:19:00
Last Event Seen: 2025-10-04 00:20:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/215563/

More information about the Nemo-ddos-list mailing list