[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #226217 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Fri Dec 26 07:45:10 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, December 26, 2025 7:44:58 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #226217 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 226217

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total                 Src IP
----------------------------------------------------------
  107080200      356934        41.1%         146.75.122.172
   12054900       40183         4.6%         216.58.204.138
    6876900       22923         2.6%   2001:bf8:900:d:2::71
    6607500       22025         2.5%          216.58.209.42
    4356600       14522         1.7%         17.248.172.212
    4232100       14107         1.6%           2.16.168.105
    3222600       10742         1.2%          13.107.138.10
    2707500        9025         1.0%           79.124.49.10
    2569200        8564         1.0%            192.114.7.2
    2491500        8305         1.0%          162.125.69.12

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                Dst IP
--------------------------------------------------------
  11070900       36903         4.3%         132.65.180.15
   5290200       17634         2.0%         132.74.74.134
   4356900       14523         1.7%          132.64.72.94
   4125000       13750         1.6%        132.71.138.174
   4076700       13589         1.6%          192.114.5.10
   3970800       13236         1.5%        132.71.138.175
   3518700       11729         1.4%         192.114.3.241
   3188400       10628         1.2%          132.76.61.53
   3093900       10313         1.2%         132.71.124.49
   2849400        9498         1.1%   2607:f8f0:660:3::22

Top-10 Possible Targets by Bytes:
                Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------------
        146.75.122.172                                          153050625600
        146.75.122.172        443                               136267088700
        216.58.204.138        443                                17233600500
        216.58.204.138                                           17233600500
                              443   132.65.180.15                16071468600
                                    132.65.180.15                16071468600
        146.75.122.172         80                                15256153200
  2001:bf8:900:d:2::71       8443                                10303772100
  2001:bf8:900:d:2::71                                           10303772100
         216.58.209.42        443                                 9426913500

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-26 05:44:49
End Time: ongoing

First Event Seen: 2025-12-26 05:42:00
Last Event Seen: 2025-12-26 05:43:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/226217/