[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225013 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Dec 16 21:24:25 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, December 16, 2025 9:24:15 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225013 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225013

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  21537300       71791         6.4%     65.9.175.125
  20166600       67222         6.0%      65.9.175.17
  19638000       65460         5.8%      65.9.175.95
  19553100       65177         5.8%      65.9.175.44
  15595800       51986         4.6%    132.68.74.140
  10937700       36459         3.2%     104.18.8.118
  10345200       34484         3.1%    132.66.253.82
   6841800       22806         2.0%   57.144.248.192
   6791700       22639         2.0%   132.73.124.232
   5817000       19390         1.7%     52.84.151.30

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  80825400      269418        24.0%     132.70.60.180
  13596300       45321         4.0%    132.64.192.202
  13583700       45279         4.0%   128.139.225.245
  13347600       44492         4.0%    132.73.124.232
  11892300       39641         3.5%     132.66.253.82
   6768300       22561         2.0%     128.139.200.4
   6600300       22001         2.0%     132.76.80.227
   6270600       20902         1.9%     128.139.200.5
   6044400       20148         1.8%      104.18.8.118
   4806600       16022         1.4%    132.64.186.144

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                      443   132.70.60.180               119204204100
                            132.70.60.180               119204204100
  65.9.175.125        443                                31767372900
  65.9.175.125                                           31767372900
   65.9.175.17        443                                29739249000
   65.9.175.17                                           29739249000
   65.9.175.95        443                                28874094000
   65.9.175.95                                           28874094000
   65.9.175.44        443                                28837566000
   65.9.175.44                                           28837566000

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-16 19:24:06
End Time: ongoing

First Event Seen: 2025-12-16 19:21:00
Last Event Seen: 2025-12-16 19:22:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225013/

More information about the Nemo-ddos-list mailing list