[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #223262 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Thu Dec 4 22:36:22 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, December 4, 2025 10:36:12 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #223262 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 223262

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  85019400      283398        26.3%      2.22.209.187
  13971000       46570         4.3%     132.66.253.82
  11588700       38629         3.6%      170.114.45.1
  11332200       37774         3.5%      170.114.46.1
   6357000       21190         2.0%    192.178.203.91
   5577900       18593         1.7%   192.178.203.190
   5462400       18208         1.7%   192.178.203.136
   5110800       17036         1.6%      52.84.151.13
   5057400       16858         1.6%       52.107.3.41
   5039400       16798         1.6%    192.178.203.93

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  13706700       45689         4.2%     132.66.253.82
  11465700       38219         3.5%   128.139.225.245
   5318700       17729         1.6%      170.114.45.1
   5287800       17626         1.6%      170.114.46.1
   5267400       17558         1.6%      132.76.61.53
   4922700       16409         1.5%      132.76.61.54
   3957300       13191         1.2%      132.76.61.51
   3806400       12688         1.2%     128.139.200.4
   3531600       11772         1.1%    192.114.23.221
   3513000       11710         1.1%    192.114.91.244

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
   2.22.209.187        443                               127212374100
   2.22.209.187                                          127212374100
  132.66.253.82                                   443     19252095300
  132.66.253.82                                           19252095300
                       443   132.66.253.82                17396945400
                             132.66.253.82                17396945400
   170.114.45.1        443                                17118362700
   170.114.45.1                                           17118362700
   170.114.46.1        443                                16758433200
   170.114.46.1                                           16758433200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-04 20:36:02
End Time: ongoing

First Event Seen: 2025-12-04 20:33:00
Last Event Seen: 2025-12-04 20:34:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/223262/