[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #223739 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 8 02:26:22 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 8, 2025 2:26:14 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #223739 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 223739

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total            Src IP
-----------------------------------------------------
  133306800      444356        47.7%   142.251.140.110
    7903500       26345         2.8%     162.125.69.14
    5144100       17147         1.8%        132.74.3.4
    3653100       12177         1.3%        3.5.30.253
    3471900       11573         1.2%    54.231.192.217
    3094800       10316         1.1%   128.139.226.100
    3012300       10041         1.1%          3.5.22.9
    2928000        9760         1.0%      132.74.20.45
    2918700        9729         1.0%     172.217.19.42
    2908200        9694         1.0%     216.58.205.42

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  17986800       59956         6.4%     132.73.124.68
  17579400       58598         6.3%     132.73.124.48
  16626600       55422         6.0%     132.73.124.72
  13226100       44087         4.7%   128.139.225.245
  12411000       41370         4.4%    132.73.124.236
  11194800       37316         4.0%     132.70.60.146
   8175600       27252         2.9%      132.76.61.51
   7822800       26076         2.8%      132.73.124.8
   6442200       21474         2.3%    132.73.124.112
   5259600       17532         1.9%     132.73.124.82

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  142.251.140.110                                           193204670700
  142.251.140.110        443                                193204617000
                                132.73.124.68                25657541700
                         443    132.73.124.68                25657271100
                                132.73.124.48                24615569700
                         443    132.73.124.48                24567863400
                                132.73.124.72                23516073600
                         443    132.73.124.72                23515739400
                               132.73.124.236                17142156000
                         443   132.73.124.236                17142118800

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-08 00:26:06
End Time: ongoing

First Event Seen: 2025-12-08 00:23:00
Last Event Seen: 2025-12-08 00:24:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/223739/

More information about the Nemo-ddos-list mailing list