[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214646 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Sep 22 17:58:15 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, September 22, 2025 5:58:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214646 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 214646
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------------
93703800 312346 38.1% 109.205.211.35
13865400 46218 5.6% 132.74.112.76
7901700 26339 3.2% 2001:bf8:900:d:2::71
6519000 21730 2.7% 142.251.209.42
5361300 17871 2.2% 132.73.124.48
4961400 16538 2.0% 149.165.224.213
4635000 15450 1.9% 194.180.48.154
4572000 15240 1.9% 104.83.83.214
4571100 15237 1.9% 192.114.3.241
2811300 9371 1.1% 162.125.69.14
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
------------------------------------------------------------------
14670600 48902 6.0% 142.251.209.42
6984000 23280 2.8% 162.125.69.14
4963200 16544 2.0% 192.114.101.113
4828200 16094 2.0% 128.139.225.245
4597500 15325 1.9% 13.107.138.10
4147800 13826 1.7% 132.74.112.76
3435900 11453 1.4% 128.139.200.4
2690100 8967 1.1% 2001:1470:ff8a:6d:d14::3
2649000 8830 1.1% 192.114.3.241
2614800 8716 1.1% 2001:1470:ff94:d:153:5:68:161
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------------
142.251.209.42 443 20224651200
142.251.209.42 20224651200
132.74.112.76 443 20097130500
132.74.112.76 20097130500
132.74.112.76 58202 20096846400
58202 142.251.209.42 20096846400
2001:bf8:900:d:2::71 8443 11724040200
2001:bf8:900:d:2::71 11724040200
162.125.69.14 443 9474681300
162.125.69.14 9474681300
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate.
Start Time: 2025-09-22 14:53:47
End Time: ongoing
First Event Seen: 2025-09-22 14:51:00
Last Event Seen: 2025-09-22 14:56:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/214646/
More information about the Nemo-ddos-list
mailing list