[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #381168 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Aug 13 17:16:54 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, August 13, 2025 5:16:41 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #381168 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 381168

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  16248300       54161         3.6%   95.101.122.138
  13834200       46114         3.0%    132.74.112.76
  10869300       36231         2.4%   95.101.122.144
  10696200       35654         2.3%   95.101.122.145
  10219200       34064         2.2%   216.58.204.129
   8014500       26715         1.8%    95.101.122.88
   7582500       25275         1.7%   216.58.204.138
   7442700       24809         1.6%    95.101.122.91
   7205400       24018         1.6%   23.220.255.161
   6773100       22577         1.5%    132.73.124.48

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  22630200       75434         4.9%     132.73.124.48
  16768500       55895         3.7%      132.73.124.8
  15564600       51882         3.4%    216.58.204.138
  11913900       39713         2.6%     132.73.124.60
  10319400       34398         2.3%     13.107.136.10
  10294800       34316         2.3%     132.65.180.21
  10112700       33709         2.2%    128.139.13.134
   7446000       24820         1.6%   192.114.101.113
   7001400       23338         1.5%     132.65.180.16
   6990900       23303         1.5%   128.139.225.244

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                               132.73.124.48                33610724100
                        443    132.73.124.48                33421204800
  95.101.122.138        443                                 24224298300
  95.101.122.138                                            24224298300
                                132.73.124.8                23353417200
                        443     132.73.124.8                23352786300
                              216.58.204.138                21494135400
                              216.58.204.138        443     21493989600
   132.74.112.76                                    443     20034615000
   132.74.112.76                                            20034615000

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-08-13 14:16:31
End Time: ongoing

First Event Seen: 2025-08-13 14:14:00
Last Event Seen: 2025-08-13 14:15:00

Further Details:
https://primary.nemo.geant.org/alerts/details/381168/