[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #384789 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Sep 9 02:49:50 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, September 9, 2025 2:43:42 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #384789 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 384789

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  61084200      203614        21.2%      23.41.187.24
  56619600      188732        19.7%      23.41.187.16
   7573200       25244         2.6%     132.73.124.48
   7149000       23830         2.5%     132.73.124.40
   5201400       17338         1.8%     132.73.124.72
   5059500       16865         1.8%     132.73.124.96
   4808400       16028         1.7%     132.73.124.82
   4241700       14139         1.5%      132.73.124.8
   4218300       14061         1.5%   142.250.179.170
   4123800       13746         1.4%     132.73.124.60

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total          Dst IP
--------------------------------------------------
  29716800       99056        10.3%    23.41.187.24
  26236500       87455         9.1%    23.41.187.16
  16467300       54891         5.7%   132.73.124.40
  13943700       46479         4.8%   132.73.124.48
  11454900       38183         4.0%   132.73.124.72
  10754100       35847         3.7%   132.73.124.82
  10454700       34849         3.6%   132.73.124.96
   9629400       32098         3.3%   132.73.124.60
   8100000       27000         2.8%    132.73.124.8
   7025700       23419         2.4%   132.73.124.88

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  23.41.187.24                                           91312685400
  23.41.187.24        443                                91310435400
  23.41.187.16        443                                84714399900
  23.41.187.16                                           84714399900
                            132.73.124.40                24200459400
                      443   132.73.124.40                24200388300
                            132.73.124.48                19143462300
                      443   132.73.124.48                19134618300
                            132.73.124.72                16270532100
                      443   132.73.124.72                16211998200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-09-08 23:43:33
End Time: ongoing

First Event Seen: 2025-09-08 23:41:00
Last Event Seen: 2025-09-08 23:42:00

Further Details:
https://primary.nemo.geant.org/alerts/details/384789/

More information about the Nemo-ddos-list mailing list