[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224797 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 15 04:11:18 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 15, 2025 4:11:11 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224797 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224797

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  24580200       81934         9.9%            23.41.187.5
  23287800       77626         9.4%           23.41.187.31
  20797500       69325         8.4%           2.23.231.234
  17763000       59210         7.2%         199.232.82.172
  15779700       52599         6.4%           2.23.231.161
  11390700       37969         4.6%        151.101.242.172
  10332300       34441         4.2%           132.74.20.45
   7598100       25327         3.1%          104.156.155.7
   3269700       10899         1.3%          170.64.168.77
   3099900       10333         1.3%   2001:bf8:900:d:2::71

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  14709600       49032         5.9%    132.72.23.183
  13120800       43736         5.3%    132.73.124.48
  12585900       41953         5.1%   132.73.124.236
  11142900       37143         4.5%    132.73.124.68
  10247700       34159         4.1%    51.16.175.215
   8285100       27617         3.3%    132.73.124.72
   6880800       22936         2.8%     132.73.124.8
   6442200       21474         2.6%   199.232.82.172
   5474100       18247         2.2%   132.73.124.152
   4142400       13808         1.7%   132.73.124.160

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
     23.41.187.5        443                         36827483700
     23.41.187.5                                    36827483700
    23.41.187.31        443                         34846300800
    23.41.187.31                                    34846300800
    2.23.231.234                                    31018359000
    2.23.231.234        443                         30851625300
  199.232.82.172                                    25197885000
    2.23.231.161                                    23543719200
    2.23.231.161        443                         23463846300
  199.232.82.172        443                         23175427200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-15 02:11:02
End Time: ongoing

First Event Seen: 2025-12-15 02:08:00
Last Event Seen: 2025-12-15 02:09:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224797/

More information about the Nemo-ddos-list mailing list