[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #226648 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Dec 29 12:15:07 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, December 29, 2025 12:15:00 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #226648 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 226648

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  75904800      253016        54.0%    82.147.85.190
   3247500       10825         2.3%     79.124.49.10
   2991900        9973         2.1%    79.124.62.162
   2985900        9953         2.1%    79.124.62.170
   2946300        9821         2.1%    79.124.62.174
   2943600        9812         2.1%    79.124.62.166
   2797500        9325         2.0%   185.242.226.61
   2397000        7990         1.7%   185.26.239.193
    918900        3063         0.7%    5.255.123.180
    918300        3061         0.7%       5.230.70.3

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   418200        1394         0.3%      192.114.5.10
   410400        1368         0.3%    132.73.124.194
   215100         717         0.2%   192.114.105.254
   130500         435         0.1%    192.114.91.246
   121500         405         0.1%    192.114.91.248
   120300         401         0.1%    192.114.91.245
   118200         394         0.1%    192.114.91.249
   114600         382         0.1%    192.114.91.243
   108600         362         0.1%    192.114.91.244
   102600         342         0.1%    192.114.91.247

Top-10 Possible Targets by Bytes:
         Src IP   Src Port         Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  82.147.85.190                                           3036192000
  82.147.85.190      42902                                1961556000
  82.147.85.190      42963                                1074624000
                             192.114.5.10                  470012400
                       443   192.114.5.10                  469900800
    23.41.187.9        443                                 269581200
    23.41.187.9                                            269581200
    23.41.187.9                                10909       269565600
                             192.114.5.10      10909       269565600
   23.41.187.13        443                                 195183600

Metric Info:
585k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate.

Start Time: 2025-12-29 10:11:45
End Time: ongoing

First Event Seen: 2025-12-29 10:09:00
Last Event Seen: 2025-12-29 10:13:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/226648/

