[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #225854 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Dec 23 02:20:57 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, December 23, 2025 2:20:48 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #225854 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 225854

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  45979500      153265        14.5%         199.232.82.172
  23164500       77215         7.3%          23.218.225.81
  18459000       61530         5.8%          23.218.225.56
  15178500       50595         4.8%          23.218.225.75
   9106200       30354         2.9%          23.218.225.49
   7987200       26624         2.5%        142.250.180.142
   7801500       26005         2.5%        142.251.140.106
   5813400       19378         1.8%   2001:bf8:900:d:2::71
   4947900       16493         1.6%        149.165.224.214
   4226700       14089         1.3%          132.73.124.68

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  19229400       64098         6.1%    199.232.82.172
  17549100       58497         5.5%     132.73.124.48
  15690300       52301         5.0%     132.73.124.68
  14909700       49699         4.7%   192.114.101.113
  13224000       44080         4.2%     132.73.124.72
  11070000       36900         3.5%     132.65.180.15
  10747800       35826         3.4%    132.73.124.236
   6083100       20277         1.9%    132.64.192.202
   5781600       19272         1.8%    132.73.124.112
   5340600       17802         1.7%     132.72.23.183

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  199.232.82.172                                           65376412800
  199.232.82.172        443                                62720509200
   23.218.225.81        443                                34649310600
   23.218.225.81                                           34649310600
   23.218.225.56        443                                27319797900
   23.218.225.56                                           27319797900
                              132.73.124.48                24357963300
                        443   132.73.124.48                24189649500
   23.218.225.75        443                                22706610600
   23.218.225.75                                           22706610600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-23 00:20:41
End Time: ongoing

First Event Seen: 2025-12-23 00:18:00
Last Event Seen: 2025-12-23 00:19:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/225854/