[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377927 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Jul 16 17:15:19 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, July 16, 2025 5:15:14 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377927 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 377927

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  40466100      134887         8.2%   95.101.122.138
  30212400      100708         6.2%   95.101.122.152
  14302200       47674         2.9%    162.125.69.15
   9320400       31068         1.9%    132.73.124.72
   7549500       25165         1.5%     132.73.124.8
   6939000       23130         1.4%    34.104.35.123
   6405000       21350         1.3%     132.76.61.51
   6274200       20914         1.3%     184.25.54.62
   6191400       20638         1.3%   95.101.122.114
   5417100       18057         1.1%    95.101.122.91

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  20551800       68506         4.2%   95.101.122.138
  19545300       65151         4.0%     132.76.61.52
  15413100       51377         3.1%   95.101.122.152
  15309300       51031         3.1%     132.73.124.8
  13089900       43633         2.7%    132.73.124.72
  11394300       37981         2.3%    162.125.69.18
   9467100       31557         1.9%      132.66.79.8
   9311700       31039         1.9%    132.73.124.32
   8942400       29808         1.8%    128.139.200.5
   8695200       28984         1.8%    128.139.200.4

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  95.101.122.138        443                                60322468500
  95.101.122.138                                           60322468500
  95.101.122.152        443                                45146142300
  95.101.122.152                                           45146142300
                               132.76.61.52                26730494100
                        443    132.76.61.52                26349603300
                               132.73.124.8                21970147500
                        443    132.73.124.8                21969873600
                              132.73.124.72                18162352200
                        443   132.73.124.72                18160554900

Metric Info:
2M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate

Start Time: 2025-07-16 14:11:55
End Time: ongoing

First Event Seen: 2025-07-16 14:09:00
Last Event Seen: 2025-07-16 14:13:00

Further Details:
https://primary.nemo.geant.org/alerts/details/377927/