[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224798 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Dec 15 06:10:22 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 15, 2025 6:10:16 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224798 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224798

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  51802500      172675        13.4%            23.41.187.5
  49824300      166081        12.9%           23.41.187.31
  33506400      111688         8.7%           2.23.231.234
  30376800      101256         7.8%         199.232.82.172
  28539600       95132         7.4%           2.23.231.161
  25441200       84804         6.6%        151.101.242.172
  11416200       38054         2.9%          104.156.155.7
   4622100       15407         1.2%          170.64.168.77
   4534500       15115         1.2%             132.74.3.4
   4355700       14519         1.1%   2001:bf8:900:d:2::71

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  25614300       85381         6.6%   132.73.124.236
  25317900       84393         6.5%    132.73.124.48
  24970200       83234         6.4%    132.73.124.68
  18710700       62369         4.8%    132.72.23.183
  18268200       60894         4.7%    132.73.124.72
  13414500       44715         3.5%     132.73.124.8
  11774400       39248         3.0%   199.232.82.172
   9680700       32269         2.5%   132.73.124.152
   8481600       28272         2.2%    132.73.124.88
   7068300       23561         1.8%   132.73.124.160

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
     23.41.187.5                                    77623500000
     23.41.187.5        443                         77623050000
    23.41.187.31        443                         74572158600
    23.41.187.31                                    74572158600
    2.23.231.234                                    50064710100
    2.23.231.234        443                         49860980100
  199.232.82.172                                    43211271900
    2.23.231.161                                    42640668300
    2.23.231.161        443                         42481622100
  199.232.82.172        443                         40634047800

Metric Info:
2M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate.

Start Time: 2025-12-15 02:11:02
End Time: ongoing

First Event Seen: 2025-12-15 02:08:00
Last Event Seen: 2025-12-15 04:08:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224798/