[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #223518 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 6 06:06:17 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 6, 2025 6:06:10 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #223518 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 223518

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  16662900       55543         9.1%       132.74.3.2
  10510800       35036         5.7%       132.74.3.3
   7298400       24328         4.0%     132.74.20.45
   4049400       13498         2.2%       132.74.3.4
   3444000       11480         1.9%   167.71.143.185
   3335400       11118         1.8%     79.124.49.10
   3293700       10979         1.8%   151.101.10.172
   3178200       10594         1.7%    132.64.244.87
   3062400       10208         1.7%     132.76.61.54
   2917500        9725         1.6%     23.41.187.24

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  7606500       25355         4.2%        3.5.58.112
  7285800       24286         4.0%     51.16.175.215
  6869400       22898         3.8%     132.76.214.14
  5544300       18481         3.0%        16.12.13.3
  5294400       17648         2.9%     132.74.74.134
  5129400       17098         2.8%   192.114.101.113
  4447200       14824         2.4%        3.5.57.252
  4188900       13963         2.3%         3.5.57.49
  3761400       12538         2.1%      132.68.164.2
  3529500       11765         1.9%      132.76.61.54

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
    132.74.3.2                                   443     24141724200
    132.74.3.2                                           24141724200
    132.74.3.3                                   443     15189847800
    132.74.3.3                                           15189847800
                               3.5.58.112        443     11004794700
                               3.5.58.112                11004794700
  132.74.20.45       4500                                10723240800
  132.74.20.45                                  4500     10723240800
  132.74.20.45                                           10723240800
                     4500   51.16.175.215                10715131200

Metric Info:
882k Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-06 04:05:59
End Time: ongoing

First Event Seen: 2025-12-06 04:03:00
Last Event Seen: 2025-12-06 04:04:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/223518/