[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225830 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Dec 22 23:20:57 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 22, 2025 11:20:49 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225830 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225830

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  27870000       92900         8.4%       65.9.175.44
  19773000       65910         5.9%       172.64.66.1
  17340900       57803         5.2%      65.9.175.125
  16740600       55802         5.0%       65.9.175.17
  15648900       52163         4.7%       65.9.175.95
   8471100       28237         2.5%    216.58.204.138
   8115600       27052         2.4%   142.251.140.106
   7668900       25563         2.3%    57.144.248.192
   7163400       23878         2.1%    157.240.253.63
   6444000       21480         1.9%   142.250.186.187

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  83871600      279572        25.1%     132.70.60.180
  19819500       66065         5.9%    132.73.124.180
  11995800       39986         3.6%     132.66.253.82
  10960800       36536         3.3%     132.65.180.15
   8901000       29670         2.7%    132.64.192.202
   8198100       27327         2.5%   128.139.225.245
   7451400       24838         2.2%     128.139.200.5
   6758100       22527         2.0%     128.139.200.4
   5643600       18812         1.7%       132.74.6.58
   5031600       16772         1.5%     132.74.74.134

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                      443    132.70.60.180               123342681000
                             132.70.60.180               123342681000
   65.9.175.44        443                                 41072015400
   65.9.175.44                                            41072015400
   172.64.66.1        443                                 29538042600
   172.64.66.1                                            29538042600
                      443   132.73.124.180                29532783600
                            132.73.124.180                29532783600
  65.9.175.125        443                                 25259261100
  65.9.175.125                                            25259261100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-22 21:20:41
End Time: ongoing

First Event Seen: 2025-12-22 21:18:00
Last Event Seen: 2025-12-22 21:19:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225830/