[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224484 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 13 05:43:26 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 13, 2025 5:43:11 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224484 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224484

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  22253400       74178        14.6%       65.9.175.95
  13476000       44920         8.9%      65.9.175.125
  13174800       43916         8.7%       65.9.175.17
  11456700       38189         7.5%   142.250.180.170
  10518300       35061         6.9%       65.9.175.44
   4023300       13411         2.6%       52.107.3.41
   2318700        7729         1.5%   159.223.209.115
   1659600        5532         1.1%   199.232.214.172
   1659300        5531         1.1%   199.232.210.172
   1293000        4310         0.9%     13.107.136.10

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  59433300      198111        39.1%     132.70.60.180
  10545300       35151         6.9%     132.74.56.132
   2289900        7633         1.5%      132.76.61.51
   2280900        7603         1.5%     192.114.3.241
   2199300        7331         1.4%   128.139.225.245
   1945200        6484         1.3%      132.76.61.52
   1926000        6420         1.3%    132.64.192.202
   1653900        5513         1.1%     128.139.200.4
   1653000        5510         1.1%     132.64.222.92
   1590900        5303         1.0%     128.139.200.5

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                            132.70.60.180                87796656600
                      443   132.70.60.180                87796611000
   65.9.175.95        443                                32878176900
   65.9.175.95                                           32878176900
  65.9.175.125        443                                19908048600
  65.9.175.125                                           19908048600
   65.9.175.17        443                                19461288000
   65.9.175.17                                           19461288000
   65.9.175.44        443                                15533364600
   65.9.175.44                                           15533364600

Metric Info:
987k Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-13 03:43:02
End Time: ongoing

First Event Seen: 2025-12-13 03:40:00
Last Event Seen: 2025-12-13 03:41:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224484/