[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214978 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Sep 26 13:48:18 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, September 26, 2025 1:48:12 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214978 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 214978

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total          Src IP
--------------------------------------------------
  14236200       47454         7.0%   23.213.161.12
  12301800       41006         6.0%    23.213.161.7
  10787100       35957         5.3%     23.48.23.31
   9180900       30603         4.5%   23.213.161.20
   7925100       26417         3.9%     23.48.23.39
   6703200       22344         3.3%     23.48.23.29
   6021600       20072         3.0%   23.213.161.22
   3954900       13183         1.9%     23.48.23.10
   3237300       10791         1.6%   162.125.69.14
   3230100       10767         1.6%    132.69.32.30

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  6339300       21131         3.1%     132.65.180.31
  4879800       16266         2.4%     23.213.161.12
  4397100       14657         2.2%      23.213.161.7
  3589200       11964         1.8%    216.58.204.234
  3395400       11318         1.7%   128.139.225.245
  3241500       10805         1.6%    132.73.124.180
  3015600       10052         1.5%     23.213.161.20
  2914800        9716         1.4%     128.139.200.5
  2908500        9695         1.4%    192.114.49.250
  2841600        9472         1.4%     216.58.205.42

Top-10 Possible Targets by Bytes:
         Src IP   Src Port   Dst IP   Dst Port   Sampled Count
------------------------------------------------------------
  23.213.161.12        443                         21216018000
  23.213.161.12                                    21216018000
   23.213.161.7        443                         18341042100
   23.213.161.7                                    18341042100
    23.48.23.31                                    16094753100
    23.48.23.31        443                         16093403100
  23.213.161.20                                    13710132300
  23.213.161.20        443                         13689049500
    23.48.23.39        443                         11810975400
    23.48.23.39                                    11810975400

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-09-26 10:47:51
End Time: ongoing

First Event Seen: 2025-09-26 10:45:00
Last Event Seen: 2025-09-26 10:46:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/214978/

More information about the Nemo-ddos-list mailing list