[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224583 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Dec 13 21:47:26 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, December 13, 2025 9:47:16 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224583 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224583

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  5575800       18586         2.7%     52.218.250.99
  4232400       14108         2.0%   142.251.141.234
  4131300       13771         2.0%    57.144.248.192
  4035900       13453         1.9%     194.50.16.158
  3443700       11479         1.6%    57.144.244.192
  3397500       11325         1.6%    157.240.253.63
  2665200        8884         1.3%         3.5.81.57
  2341800        7806         1.1%     13.107.138.10
  2049000        6830         1.0%        3.5.79.196
  2045100        6817         1.0%      157.240.0.63

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  12437400       41458         5.9%   128.139.225.245
   9715800       32386         4.6%    132.64.192.202
   9004200       30014         4.3%     132.76.214.72
   7970400       26568         3.8%    132.76.221.250
   7878600       26262         3.7%    132.76.221.224
   7862400       26208         3.7%    132.76.223.183
   6565200       21884         3.1%    132.76.221.199
   6135900       20453         2.9%      132.76.222.0
   5439600       18132         2.6%    132.64.186.144
   4499100       14997         2.1%     128.139.200.5

Top-10 Possible Targets by Bytes:
  Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
                443     132.76.214.72                13272860100
                        132.76.214.72                13272860100
                      128.139.225.245                12164990700
                443    132.76.221.250                11755459200
                       132.76.221.250                11755459200
                443    132.76.221.224                11595312900
                       132.76.221.224                11595312900
                443    132.76.223.183                11567080200
                       132.76.223.183                11567080200
                443    132.76.221.199                 9682618200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-13 19:47:08
End Time: ongoing

First Event Seen: 2025-12-13 19:44:00
Last Event Seen: 2025-12-13 19:45:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224583/