[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #390341 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Oct 24 12:12:50 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, October 24, 2025 12:12:43 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #390341 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 390341

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  12343200       41144         6.4%   165.227.143.188
   9811200       32704         5.1%   134.209.239.127
   9103800       30346         4.7%    64.226.126.211
   7756800       25856         4.0%     132.73.124.72
   7443900       24813         3.8%      132.64.58.79
   6116700       20389         3.2%      132.73.124.8
   5305200       17684         2.7%     132.73.124.48
   4813500       16045         2.5%     132.73.124.68
   4273800       14246         2.2%     192.114.3.241
   3471000       11570         1.8%    146.75.122.172

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  33025800      110086        17.0%      23.41.187.31
  31408800      104696        16.2%       23.41.187.5
   7421400       24738         3.8%     20.150.37.228
   4813200       16044         2.5%   128.139.225.245
   4077900       13593         2.1%     13.107.138.10
   3282000       10940         1.7%    216.58.204.129
   2720100        9067         1.4%     20.209.177.33
   2714700        9049         1.4%     128.139.200.4
   2265000        7550         1.2%     128.139.200.5
   1918200        6394         1.0%     132.73.124.40

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
   132.64.58.79                                             10944347400
   132.64.58.79                                     443     10942959900
                               20.150.37.228        443     10939749900
                               20.150.37.228                10939749900
                             128.139.225.245                 5962057200
  192.114.3.241                                              5855252400
  192.114.3.241                                     443      5853099000
                               13.107.138.10        443      5826848700
                               13.107.138.10                 5826848700
  192.114.3.241      41806                                   5597623200

Metric Info:
994k Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-10-24 09:12:17
End Time: ongoing

First Event Seen: 2025-10-24 09:10:00
Last Event Seen: 2025-10-24 09:11:00

Further Details:
https://primary.nemo.geant.org/alerts/details/390341/

More information about the Nemo-ddos-list mailing list