[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224915 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Dec 16 04:12:18 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, December 16, 2025 4:12:09 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224915 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224915

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total            Src IP
-----------------------------------------------------
  110447700      368159        34.8%    199.232.82.172
   14625000       48750         4.6%    216.58.204.138
   14130900       47103         4.5%        132.74.3.3
   13627500       45425         4.3%    146.75.118.172
    7291200       24304         2.3%     132.73.124.72
    5805300       19351         1.8%      132.73.124.8
    4255800       14186         1.3%   142.251.142.202
    3901800       13006         1.2%    132.73.124.132
    3836700       12789         1.2%     132.73.124.82
    3617100       12057         1.1%     132.73.124.32

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  46971000      156570        14.8%   199.232.82.172
  15596700       51989         4.9%    132.73.124.72
  13872000       46240         4.4%    132.74.56.157
  13691400       45638         4.3%     132.73.124.8
  11787600       39292         3.7%    132.73.124.32
   9719400       32398         3.1%   132.73.124.152
   8444700       28149         2.7%   132.73.124.132
   7845300       26151         2.5%   132.73.124.112
   6555900       21853         2.1%    132.73.124.82
   5623500       18745         1.8%    132.73.124.96

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  199.232.82.172                                          158174693400
  199.232.82.172        443                               155779735800
                              132.73.124.72                21760793400
                        443   132.73.124.72                21755632200
      132.74.3.3                                   443     20572893000
      132.74.3.3                                           20572893000
  216.58.204.138        443                                20299355400
  216.58.204.138                                           20299355400
                        443   132.74.56.157                20105952000
                              132.74.56.157                20105952000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-16 02:12:00
End Time: ongoing

First Event Seen: 2025-12-16 02:09:00
Last Event Seen: 2025-12-16 02:10:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224915/

More information about the Nemo-ddos-list mailing list