[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224800 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 15 06:06:39 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 15, 2025 6:06:32 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224800 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224800

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  51802500      172675        14.8%            23.41.187.5
  49824300      166081        14.2%           23.41.187.31
  33506400      111688         9.5%           2.23.231.234
  30376800      101256         8.7%         199.232.82.172
  28539600       95132         8.1%           2.23.231.161
  25441200       84804         7.2%        151.101.242.172
   4534500       15115         1.3%             132.74.3.4
   4355700       14519         1.2%   2001:bf8:900:d:2::71
   3466500       11555         1.0%        142.250.180.138
   3179100       10597         0.9%             132.74.3.2

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  25614000       85380         7.3%   132.73.124.236
  25319700       84399         7.2%    132.73.124.48
  24969900       83233         7.1%    132.73.124.68
  18710700       62369         5.3%    132.72.23.183
  18266700       60889         5.2%    132.73.124.72
  13412100       44707         3.8%     132.73.124.8
  11768100       39227         3.4%   199.232.82.172
   9680700       32269         2.8%   132.73.124.152
   8481300       28271         2.4%    132.73.124.88
   7068300       23561         2.0%   132.73.124.160

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
     23.41.187.5                                    77623500000
     23.41.187.5        443                         77623050000
    23.41.187.31        443                         74572158600
    23.41.187.31                                    74572158600
    2.23.231.234                                    50064710100
    2.23.231.234        443                         49860980100
  199.232.82.172                                    43211271900
    2.23.231.161                                    42640668300
    2.23.231.161        443                         42481622100
  199.232.82.172        443                         40634047800

Metric Info:
2M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate.

Start Time: 2025-12-15 02:11:05
End Time: ongoing

First Event Seen: 2025-12-15 02:08:00
Last Event Seen: 2025-12-15 04:04:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224800/


