[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #226587 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Dec 29 02:19:03 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 29, 2025 2:18:55 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #226587 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 226587

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  41316300      137721        15.3%           23.41.187.13
  36531900      121773        13.5%            23.41.187.9
   7009800       23366         2.6%         199.232.82.172
   4683600       15612         1.7%        149.154.175.211
   4074900       13583         1.5%   2001:bf8:900:d:2::71
   4065300       13551         1.5%           34.49.196.34
   4035300       13451         1.5%        151.101.242.172
   3961800       13206         1.5%         57.144.248.192
   3719400       12398         1.4%          13.107.138.10
   3491400       11638         1.3%         157.240.253.63

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  19814100       66047         7.3%     132.73.124.68
  18421200       61404         6.8%     132.70.60.140
  13575000       45250         5.0%     132.73.124.72
   9309300       31031         3.4%   128.139.225.245
   7314300       24381         2.7%    132.64.192.202
   7202700       24009         2.7%    132.73.124.112
   6176100       20587         2.3%    132.73.124.236
   5580300       18601         2.1%      132.73.124.8
   5387700       17959         2.0%     128.139.200.5
   5289900       17633         2.0%    192.114.23.221

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  23.41.187.13                                           61846246800
  23.41.187.13        443                                61739266200
   23.41.187.9        443                                54635649300
   23.41.187.9                                           54635649300
                            132.73.124.68                29473155600
                      443   132.73.124.68                29473143600
                      443   132.70.60.140                26710716900
                            132.70.60.140                26710716900
                            132.73.124.72                19510955100
                      443   132.73.124.72                19509314700

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-12-29 00:18:47
End Time: ongoing

First Event Seen: 2025-12-29 00:16:00
Last Event Seen: 2025-12-29 00:17:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/226587/