[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #223518 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 6 06:11:22 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 6, 2025 6:11:12 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #223518 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 223518

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  26354400       87848        11.4%        132.74.3.2
  16221300       54071         7.0%        132.74.3.3
   8425800       28086         3.6%      132.74.20.45
   7374300       24581         3.2%        132.74.3.4
   4620600       15402         2.0%    167.71.143.185
   3999000       13330         1.7%      79.124.49.10
   3794400       12648         1.6%   142.250.179.138
   3700500       12335         1.6%     132.64.244.87
   3435300       11451         1.5%    151.101.10.172
   3423600       11412         1.5%   149.165.224.215

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  8413200       28044         3.6%     51.16.175.215
  8225100       27417         3.6%     132.76.214.14
  7606500       25355         3.3%        3.5.58.112
  7120500       23735         3.1%         3.5.57.49
  6420600       21402         2.8%   192.114.101.113
  6323100       21077         2.7%     132.74.74.134
  5995500       19985         2.6%        3.5.57.252
  5544300       18481         2.4%        16.12.13.3
  4120200       13734         1.8%        3.5.58.243
  4088700       13629         1.8%      132.76.61.54

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
    132.74.3.2                                   443     38171250900
    132.74.3.2                                           38171250900
    132.74.3.3                                   443     23435607300
    132.74.3.3                                           23435607300
  132.74.20.45       4500                                12380090400
  132.74.20.45                                  4500     12380090400
  132.74.20.45                                           12380090400
                     4500   51.16.175.215                12371980800
                            51.16.175.215       4500     12371980800
                            51.16.175.215                12371980800

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-06 04:05:59
End Time: ongoing

First Event Seen: 2025-12-06 04:03:00
Last Event Seen: 2025-12-06 04:09:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/223518/