[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225825 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Dec 22 23:09:03 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 22, 2025 11:08:56 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225825 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225825

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  23815800       79386         7.1%       65.9.175.95
  23081400       76938         6.9%       65.9.175.17
  15699000       52330         4.7%      65.9.175.125
  15459000       51530         4.6%       65.9.175.44
   7585200       25284         2.3%    57.144.248.192
   7151400       23838         2.1%    157.240.253.63
   7052400       23508         2.1%   142.251.140.106
   6374400       21248         1.9%   142.250.186.187
   5869200       19564         1.8%     34.104.35.123
   5634600       18782         1.7%      2.17.153.161

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  84434700      281449        25.3%     132.70.60.180
  13616700       45389         4.1%     132.66.253.82
  11090700       36969         3.3%     132.65.180.15
   8129700       27099         2.4%    132.64.192.202
   8011200       26704         2.4%   128.139.225.245
   7316100       24387         2.2%     128.139.200.5
   6088200       20294         1.8%     128.139.200.4
   4962000       16540         1.5%     132.74.74.134
   4601400       15338         1.4%       132.74.6.58
   4371600       14572         1.3%      192.114.52.9

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                            132.70.60.180               124287480900
                      443   132.70.60.180               124287204600
   65.9.175.95        443                                35138826600
   65.9.175.95                                           35138826600
   65.9.175.17        443                                34059238500
   65.9.175.17                                           34059238500
  65.9.175.125        443                                23169077700
  65.9.175.125                                           23169077700
   65.9.175.44        443                                22835081100
   65.9.175.44                                           22835081100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-22 21:08:47
End Time: ongoing

First Event Seen: 2025-12-22 21:06:00
Last Event Seen: 2025-12-22 21:07:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225825/