[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225153 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Dec 17 20:09:15 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, December 17, 2025 8:09:09 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225153 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225153

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  38401500      128005         8.0%     192.12.15.196
  21630900       72103         4.5%     20.209.119.38
  20576400       68588         4.3%     192.41.231.83
  15327600       51092         3.2%     192.12.15.194
  10236300       34121         2.1%     161.9.255.116
   7902300       26341         1.6%     194.80.35.205
   5844900       19483         1.2%   131.154.129.201
   5449800       18166         1.1%     52.98.242.226
   5070900       16903         1.1%      23.41.187.33
   4804200       16014         1.0%     34.104.35.123

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  190047600      633492        39.4%   192.114.101.113
   21630900       72103         4.5%     132.70.60.151
   10808100       36027         2.2%     128.139.200.4
   10770600       35902         2.2%     128.139.200.5
    9626700       32089         2.0%    132.73.124.194
    9521700       31739         2.0%      192.114.5.10
    8262300       27541         1.7%    132.64.186.144
    6766500       22555         1.4%   128.139.225.245
    6391200       21304         1.3%      132.76.61.54
    5775000       19250         1.2%    132.64.192.202

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             192.114.101.113               284847082200
                       443   192.114.101.113                82078093800
  192.12.15.196        443                                  57591288600
  192.12.15.196                                             57591288600
                      2880   192.114.101.113                36520492200
  20.209.119.38        443                                  32383310700
  20.209.119.38                                             32383310700
                       443     132.70.60.151                32383310700
                               132.70.60.151                32383310700
  192.41.231.83       2880                                  30800111100

Metric Info:
2M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate.

Start Time: 2025-12-17 18:05:41
End Time: ongoing

First Event Seen: 2025-12-17 18:03:00
Last Event Seen: 2025-12-17 18:07:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225153/