[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #217227 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sat Oct 18 12:07:35 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, October 18, 2025 12:07:27 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #217227 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 217227
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------------
32830800 109436 16.6% 2001:bf8:900:d:2::71
11437200 38124 5.8% 165.227.143.188
10279500 34265 5.2% 134.209.239.127
9317400 31058 4.7% 64.226.126.211
7757700 25859 3.9% 132.73.124.68
6053700 20179 3.1% 132.73.124.72
5783100 19277 2.9% 192.114.16.232
4441500 14805 2.3% 132.73.124.8
4212000 14040 2.1% 132.73.124.48
4186200 13954 2.1% 132.66.53.14
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-------------------------------------------------------------
27009900 90033 13.7% 23.41.187.31
26830500 89435 13.6% 23.41.187.5
8283600 27612 4.2% 2001:1470:ff8a:6d:dc::18
6663900 22213 3.4% 128.139.225.245
5783100 19277 2.9% 162.125.69.14
4384200 14614 2.2% 2001:1470:ff8a:6d:dc::17
4298400 14328 2.2% 2001:1470:ff8a:6d:d14::7
4185000 13950 2.1% 142.250.180.175
4156500 13855 2.1% 2001:1470:ff8a:6d:d14::8
4126500 13755 2.1% 2001:1470:ff8a:6d:d14::1
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------------------------------
2001:bf8:900:d:2::71 8443 49100277600
2001:bf8:900:d:2::71 49100277600
8443 2001:1470:ff8a:6d:dc::18 12390552600
2001:1470:ff8a:6d:dc::18 12390552600
128.139.225.245 8005665900
192.114.16.232 53510 7644203100
192.114.16.232 443 7644203100
192.114.16.232 7644203100
53510 162.125.69.14 7644203100
162.125.69.14 443 7644203100
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate.
Start Time: 2025-10-18 09:07:15
End Time: ongoing
First Event Seen: 2025-10-18 09:05:00
Last Event Seen: 2025-10-18 09:06:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/217227/
More information about the Nemo-ddos-list
mailing list