[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224797 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 15 04:15:18 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 15, 2025 4:15:11 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224797 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224797

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  51802500      172675        12.4%       23.41.187.5
  49824300      166081        11.9%      23.41.187.31
  33506700      111689         8.0%      2.23.231.234
  30378600      101262         7.3%    199.232.82.172
  28539600       95132         6.8%      2.23.231.161
  25441200       84804         6.1%   151.101.242.172
  11416200       38054         2.7%     104.156.155.7
  10547400       35158         2.5%      132.74.20.45
   4622100       15407         1.1%     170.64.168.77
   4534500       15115         1.1%        132.74.3.4

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  25607400       85358         6.1%   132.73.124.236
  25318500       84395         6.1%    132.73.124.48
  24970200       83234         6.0%    132.73.124.68
  18710700       62369         4.5%    132.72.23.183
  18264900       60883         4.4%    132.73.124.72
  13413300       44711         3.2%     132.73.124.8
  11775600       39252         2.8%   199.232.82.172
  10368900       34563         2.5%    51.16.175.215
   9677400       32258         2.3%   132.73.124.152
   8481900       28273         2.0%    132.73.124.88

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
     23.41.187.5                                    77623500000
     23.41.187.5        443                         77623050000
    23.41.187.31        443                         74572158600
    23.41.187.31                                    74572158600
    2.23.231.234                                    50065070400
    2.23.231.234        443                         49861340400
  199.232.82.172                                    43045830300
    2.23.231.161                                    42640668300
    2.23.231.161        443                         42481622100
  199.232.82.172        443                         40468440600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-15 02:11:02
End Time: ongoing

First Event Seen: 2025-12-15 02:08:00
Last Event Seen: 2025-12-15 02:13:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224797/

