[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225154 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Dec 17 20:09:14 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, December 17, 2025 8:09:09 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225154 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225154

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  38401500      128005         8.3%     192.12.15.196
  21630900       72103         4.7%     20.209.119.38
  20576400       68588         4.4%     192.41.231.83
  15327600       51092         3.3%     192.12.15.194
  10236300       34121         2.2%     161.9.255.116
   7902300       26341         1.7%     194.80.35.205
   5844900       19483         1.3%   131.154.129.201
   5449500       18165         1.2%     52.98.242.226
   5070900       16903         1.1%      23.41.187.33
   4804200       16014         1.0%     34.104.35.123

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  190047300      633491        41.0%   192.114.101.113
   21631200       72104         4.7%     132.70.60.151
   10808100       36027         2.3%     128.139.200.4
   10770300       35901         2.3%     128.139.200.5
    9620700       32069         2.1%    132.73.124.194
    9511500       31705         2.1%      192.114.5.10
    8262300       27541         1.8%    132.64.186.144
    6762000       22540         1.5%   128.139.225.245
    6388500       21295         1.4%      132.76.61.54
    5769900       19233         1.2%    132.64.192.202

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             192.114.101.113               284847070200
                       443   192.114.101.113                82078093800
  192.12.15.196        443                                  57591288600
  192.12.15.196                                             57591288600
                      2880   192.114.101.113                36520492200
  20.209.119.38        443                                  32383310700
  20.209.119.38                                             32383310700
                       443     132.70.60.151                32383310700
                               132.70.60.151                32383310700
  192.41.231.83       2880                                  30800111100

Metric Info:
2M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate.

Start Time: 2025-12-17 18:05:41
End Time: ongoing

First Event Seen: 2025-12-17 18:03:00
Last Event Seen: 2025-12-17 18:07:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225154/