[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225706 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Dec 22 02:29:01 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 22, 2025 2:28:48 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225706 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225706

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  43737300      145791        16.2%          23.206.251.51
  42519300      141731        15.8%          23.206.251.73
  28367100       94557        10.5%          23.218.225.56
  15327600       51092         5.7%          23.218.225.81
   5086500       16955         1.9%   2001:bf8:900:d:2::71
   4735200       15784         1.8%        142.251.209.106
   4090800       13636         1.5%         142.251.39.138
   3337500       11125         1.2%        149.165.224.207
   3326700       11089         1.2%        142.250.180.142
   2715000        9050         1.0%           79.124.49.10

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  21106800       70356         7.8%     132.73.124.68
  14837100       49457         5.5%     132.73.124.48
  14432700       48109         5.4%     132.73.124.72
  12833400       42778         4.8%    132.73.124.236
   7602300       25341         2.8%    132.73.124.112
   7480500       24935         2.8%      132.73.124.8
   6751800       22506         2.5%     192.114.3.241
   5210700       17369         1.9%   128.139.225.245
   5189100       17297         1.9%     132.74.74.134
   5006700       16689         1.9%     132.72.23.183

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
  23.206.251.51                                           65442825900
  23.206.251.51        443                                65065677900
  23.206.251.73                                           63639137700
  23.206.251.73        443                                63601140900
  23.218.225.56        443                                42499700400
  23.218.225.56                                           42499700400
                             132.73.124.68                31371123600
                       443   132.73.124.68                31370703900
  23.218.225.81        443                                22965639900
  23.218.225.81                                           22965639900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-22 00:28:41
End Time: ongoing

First Event Seen: 2025-12-22 00:26:00
Last Event Seen: 2025-12-22 00:27:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225706/