[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225155 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Dec 17 20:10:02 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, December 17, 2025 8:09:57 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225155 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225155

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  38401500      128005         6.9%     192.12.15.196
  21630900       72103         3.9%     20.209.119.38
  20576400       68588         3.7%     192.41.231.83
  15327600       51092         2.8%     192.12.15.194
  10236300       34121         1.8%     161.9.255.116
   9918300       33061         1.8%    57.144.248.192
   8768100       29227         1.6%   128.139.226.100
   7902300       26341         1.4%     194.80.35.205
   7497000       24990         1.4%    157.240.253.63
   6379500       21265         1.2%    57.144.244.192

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  190047600      633492        34.3%   192.114.101.113
   21630900       72103         3.9%     132.70.60.151
   14268000       47560         2.6%   128.139.225.245
   12468000       41560         2.3%    132.64.192.202
   12001500       40005         2.2%      192.114.5.10
   11094300       36981         2.0%     128.139.200.4
   11031300       36771         2.0%     128.139.200.5
   10680300       35601         1.9%    132.73.124.194
    8442600       28142         1.5%      51.16.227.58
    8262300       27541         1.5%    132.64.186.144

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             192.114.101.113               284389432200
                       443   192.114.101.113                82078093800
  192.12.15.196        443                                  57591288600
  192.12.15.196                                             57591288600
                      2880   192.114.101.113                36520492200
  20.209.119.38        443                                  32383310700
  20.209.119.38                                             32383310700
                       443     132.70.60.151                32383310700
                               132.70.60.151                32383310700
  192.41.231.83       2880                                  30800111100

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-17 18:05:42
End Time: ongoing

First Event Seen: 2025-12-17 18:03:00
Last Event Seen: 2025-12-17 18:08:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225155/

