[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224798 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 15 06:06:40 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 15, 2025 6:06:33 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224798 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224798

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  51802500      172675        13.4%            23.41.187.5
  49824300      166081        12.9%           23.41.187.31
  33506400      111688         8.7%           2.23.231.234
  30376800      101256         7.8%         199.232.82.172
  28539600       95132         7.4%           2.23.231.161
  25441200       84804         6.6%        151.101.242.172
  11416200       38054         2.9%          104.156.155.7
   4622100       15407         1.2%          170.64.168.77
   4534500       15115         1.2%             132.74.3.4
   4355700       14519         1.1%   2001:bf8:900:d:2::71

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  25614300       85381         6.6%   132.73.124.236
  25317900       84393         6.5%    132.73.124.48
  24970200       83234         6.4%    132.73.124.68
  18710700       62369         4.8%    132.72.23.183
  18268200       60894         4.7%    132.73.124.72
  13414500       44715         3.5%     132.73.124.8
  11774400       39248         3.0%   199.232.82.172
   9680700       32269         2.5%   132.73.124.152
   8481600       28272         2.2%    132.73.124.88
   7068300       23561         1.8%   132.73.124.160

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
     23.41.187.5                                    77623500000
     23.41.187.5        443                         77623050000
    23.41.187.31        443                         74572158600
    23.41.187.31                                    74572158600
    2.23.231.234                                    50064710100
    2.23.231.234        443                         49860980100
  199.232.82.172                                    43211271900
    2.23.231.161                                    42640668300
    2.23.231.161        443                         42481622100
  199.232.82.172        443                         40634047800

Metric Info:
2M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate.

Start Time: 2025-12-15 02:11:02
End Time: ongoing

First Event Seen: 2025-12-15 02:08:00
Last Event Seen: 2025-12-15 04:03:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224798/


