[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225155 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Dec 17 20:06:06 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, December 17, 2025 8:05:54 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225155 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225155

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  23453100       78177         5.7%     192.12.15.196
  14193900       47313         3.5%     192.41.231.83
   9249600       30832         2.3%     192.12.15.194
   8207400       27358         2.0%    57.144.248.192
   7084200       23614         1.7%   128.139.226.100
   6237300       20791         1.5%    157.240.253.63
   6091200       20304         1.5%     161.9.255.116
   6084600       20282         1.5%     194.80.35.205
   5844900       19483         1.4%   131.154.129.201
   5361900       17873         1.3%    57.144.244.192

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  127704900      425683        31.3%   192.114.101.113
   12016200       40054         2.9%   128.139.225.245
   10603500       35345         2.6%    132.64.192.202
    9499200       31664         2.3%      192.114.5.10
    9332700       31109         2.3%     128.139.200.4
    9240300       30801         2.3%     128.139.200.5
    8465700       28219         2.1%    132.73.124.194
    7083900       23613         1.7%    132.64.186.144
    6819300       22731         1.7%      51.16.227.58
    5427300       18091         1.3%      132.76.61.54

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             192.114.101.113               190958827200
                       443   192.114.101.113                49801169400
  192.12.15.196        443                                  35176116600
  192.12.15.196                                             35176116600
                      2880   192.114.101.113                24577670400
  192.41.231.83       2880                                  21248004900
  192.41.231.83                                             21248004900
                      8443   192.114.101.113                18729373200
  192.12.15.194        443                                  13873552800
  192.12.15.194                                             13873552800

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-17 18:05:42
End Time: ongoing

First Event Seen: 2025-12-17 18:03:00
Last Event Seen: 2025-12-17 18:04:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225155/