[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #381167 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Aug 13 17:19:46 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, August 13, 2025 5:19:40 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #381167 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 381167

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  16873200       56244         3.2%   95.101.122.138
  13834200       46114         2.6%    132.74.112.76
  11869800       39566         2.3%   23.220.255.161
  11055600       36852         2.1%   95.101.122.145
  11044500       36815         2.1%    132.73.124.48
  10869000       36230         2.1%   95.101.122.144
   8242800       27476         1.6%     132.73.124.8
   8228400       27428         1.6%    95.101.122.88
   8047200       26824         1.5%   23.220.255.188
   7856400       26188         1.5%   23.220.255.158

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  30951300      103171         5.9%    132.73.124.48
  22255200       74184         4.2%     132.73.124.8
  16265100       54217         3.1%    132.73.124.60
  15529200       51764         2.9%   216.58.204.138
  12313800       41046         2.3%    132.65.180.21
  12275700       40919         2.3%    13.107.136.10
   9652500       32175         1.8%    132.73.124.72
   9587100       31957         1.8%    132.65.180.16
   7913100       26377         1.5%    132.73.124.40
   7782600       25942         1.5%   192.114.91.232

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                               132.73.124.48                46025805000
                        443    132.73.124.48                45788663400
                                132.73.124.8                31778536800
                        443     132.73.124.8                31708225800
  95.101.122.138        443                                 24224298300
  95.101.122.138                                            24224298300
                        443    132.73.124.60                23779413900
                               132.73.124.60                23779413900
                              216.58.204.138        443     21428731500
                              216.58.204.138                21428731500

Metric Info:
2M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate

Start Time: 2025-08-13 14:16:30
End Time: ongoing

First Event Seen: 2025-08-13 14:14:00
Last Event Seen: 2025-08-13 14:18:00

Further Details:
https://primary.nemo.geant.org/alerts/details/381167/