[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #223727 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 8 00:20:24 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 8, 2025 12:20:12 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #223727 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 223727

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  65011200      216704        18.4%     45.140.222.67
  49431000      164770        14.0%     45.140.222.63
  43060200      143534        12.2%     45.140.222.61
   6678300       22261         1.9%    57.144.248.192
   6420600       21402         1.8%    57.144.244.192
   6277200       20924         1.8%     162.125.69.14
   5814000       19380         1.6%    157.240.253.63
   4453500       14845         1.3%    172.217.23.202
   3973500       13245         1.1%   128.139.225.245
   2981700        9939         0.8%      132.74.20.45

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  26309700       87699         7.5%   128.139.225.245
  19528200       65094         5.5%     132.70.60.146
   6847800       22826         1.9%      132.76.61.51
   6078600       20262         1.7%     128.139.200.5
   5864100       19547         1.7%     128.139.200.4
   4932600       16442         1.4%    132.64.186.144
   4494900       14983         1.3%     192.114.52.12
   4402800       14676         1.2%     132.74.74.134
   4361700       14539         1.2%      192.114.52.7
   3441000       11470         1.0%   128.139.225.228

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                              128.139.225.245                30966707700
                        443   128.139.225.245                29151441300
                        443     132.70.60.146                28511277000
                                132.70.60.146                28511277000
                                 132.76.61.51                 9671984700
                        443      132.76.61.51                 9671953500
   162.125.69.14        443                                   9313683900
   162.125.69.14                                              9313683900
  57.144.248.192        443                                   8505822600
  57.144.248.192                                              8505822600

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-07 22:20:03
End Time: ongoing

First Event Seen: 2025-12-07 22:17:00
Last Event Seen: 2025-12-07 22:18:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/223727/

More information about the Nemo-ddos-list mailing list