[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224494 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

[Hank Nussbacher]

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 13, 2025 6:06:23 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224494 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224494

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  24958200       83194        14.9%        132.74.3.2
  12518100       41727         7.5%        132.74.3.4
  10633200       35444         6.3%        132.74.3.3
   6049200       20164         3.6%      132.74.20.45
   4531500       15105         2.7%    199.232.82.172
   3248700       10829         1.9%       52.107.3.41
   2883900        9613         1.7%    216.58.204.234
   2785500        9285         1.7%   142.250.180.138
   2471100        8237         1.5%   159.223.209.115
   2202300        7341         1.3%     13.107.138.10

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total          Dst IP
--------------------------------------------------
  13992600       46642         8.3%      16.12.13.7
   6536400       21788         3.9%      3.5.57.252
   6226500       20755         3.7%       3.5.56.25
   6019800       20066         3.6%   51.16.175.215
   5298300       17661         3.2%   132.74.56.132
   4363800       14546         2.6%      132.74.3.2
   3825900       12753         2.3%      3.5.57.201
   3781800       12606         2.3%      3.5.58.243
   2876700        9589         1.7%      16.12.14.7
   2844000        9480         1.7%   192.114.3.241

Top-10 Possible Targets by Bytes:
      Src IP   Src Port       Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
  132.74.3.2                                443     36212408100
  132.74.3.2                                        36212408100
                          16.12.13.7        443     20239170900
                          16.12.13.7                20239170900
  132.74.3.4                                443     18141982200
  132.74.3.4                                        18141982200
  132.74.3.3                                443     15370427100
  132.74.3.3                                        15370427100
                          3.5.57.252        443      9432046200
                          3.5.57.252                 9432046200

Metric Info:
970k Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-13 04:06:09
End Time: ongoing

First Event Seen: 2025-12-13 04:03:00
Last Event Seen: 2025-12-13 04:04:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224494/