[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225813 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Dec 22 22:00:09 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 22, 2025 9:59:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225813 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225813

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  56176200      187254        18.5%    146.75.122.172
  14394000       47980         4.7%    216.58.204.138
   7504800       25016         2.5%     34.104.35.123
   6792900       22643         2.2%    57.144.248.192
   6095700       20319         2.0%   142.251.140.106
   5918700       19729         2.0%    157.240.253.63
   5341800       17806         1.8%    184.86.251.146
   4326900       14423         1.4%    216.58.204.234
   4292100       14307         1.4%   142.250.180.138
   4210500       14035         1.4%    57.144.244.192

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  12624600       42082         4.2%      132.64.81.65
  10978200       36594         3.6%     132.65.180.15
   9412800       31376         3.1%    132.64.192.202
   8747400       29158         2.9%   128.139.225.245
   7892400       26308         2.6%     128.139.200.4
   6153900       20513         2.0%     128.139.200.5
   5106300       17021         1.7%     132.74.74.134
   5036400       16788         1.7%      192.114.52.9
   4465800       14886         1.5%      192.114.2.47
   4314300       14381         1.4%     192.114.52.12

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  146.75.122.172                                           80321628000
  146.75.122.172        443                                79746744300
  216.58.204.138        443                                20573376300
  216.58.204.138                                           20573376300
                        443    132.64.81.65                18313677300
                               132.64.81.65                18313677300
                        443   132.65.180.15                15930990600
                              132.65.180.15                15930990600
   34.104.35.123                                           10722329400
   34.104.35.123         80                                10229929200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-22 19:59:47
End Time: ongoing

First Event Seen: 2025-12-22 19:57:00
Last Event Seen: 2025-12-22 19:58:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225813/