[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #224915 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Dec 16 04:16:18 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, December 16, 2025 4:16:12 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #224915 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 224915

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total            Src IP
-----------------------------------------------------
  171300000      571000        32.1%    199.232.82.172
   41438700      138129         7.8%    146.75.118.172
   20824500       69415         3.9%    216.58.204.138
   19218600       64062         3.6%        132.74.3.3
   15243300       50811         2.9%   151.101.242.172
   12843600       42812         2.4%     132.73.124.72
   10254000       34180         1.9%      132.73.124.8
    7506300       25021         1.4%    132.73.124.132
    6427200       21424         1.2%     132.73.124.82
    6192600       20642         1.2%    132.73.124.112

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  80833800      269446        15.2%   199.232.82.172
  31434600      104782         5.9%    132.73.124.72
  26324400       87748         4.9%     132.73.124.8
  23161800       77206         4.3%    132.73.124.32
  20014200       66714         3.8%   132.73.124.152
  19743600       65812         3.7%    132.74.56.157
  17116500       57055         3.2%   132.73.124.132
  14221800       47406         2.7%   132.73.124.112
  11569800       38566         2.2%    132.73.124.82
   9509700       31699         1.8%    132.73.124.96

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  199.232.82.172                                          245369786100
  199.232.82.172        443                               242336822100
  146.75.118.172                                           59370125100
  146.75.118.172        443                                59364576300
                              132.73.124.72                44526996300
                        443   132.73.124.72                44514396900
                               132.73.124.8                36494763900
                        443    132.73.124.8                36455353200
                              132.73.124.32                32769773100
                        443   132.73.124.32                32769624300

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-16 02:12:00
End Time: ongoing

First Event Seen: 2025-12-16 02:09:00
Last Event Seen: 2025-12-16 02:14:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/224915/