[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #392604 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Nov 5 23:48:39 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, November 5, 2025 11:48:32 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #392604 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 392604

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  5233500       17445         4.9%     52.217.114.1
  4066800       13556         3.8%   57.144.244.192
  3929100       13097         3.7%   57.144.248.192
  3200700       10669         3.0%    13.107.136.10
  2691000        8970         2.5%   17.248.172.181
  1981800        6606         1.9%   157.240.253.63
  1725000        5750         1.6%      192.114.7.2
  1711500        5705         1.6%   202.63.241.163
  1584600        5282         1.5%    54.227.119.80
  1557300        5191         1.5%    18.212.242.29

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  16917300       56391        15.9%   128.139.225.245
   5244300       17481         4.9%     128.139.200.4
   5233500       17445         4.9%     132.76.223.29
   4728000       15760         4.5%     128.139.200.5
   3847500       12825         3.6%     192.114.3.241
   2866800        9556         2.7%    132.75.113.113
   2694600        8982         2.5%     132.64.145.86
   1853100        6177         1.7%      192.114.52.1
   1711500        5705         1.6%    132.66.244.148
   1509600        5032         1.4%      94.34.213.13

Top-10 Possible Targets by Bytes:
        Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                            128.139.225.245                20884937100
                      443   128.139.225.245                17525701500
  52.217.114.1        443                                   7576189200
  52.217.114.1                                   33024      7576189200
  52.217.114.1                                              7576189200
                      443     132.76.223.29                 7576189200
                              132.76.223.29      33024      7576189200
                              132.76.223.29                 7576189200
                              128.139.200.4                 7136316900
                      443     128.139.200.4                 7132428900

Metric Info:
683k Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-11-05 21:48:19
End Time: ongoing

First Event Seen: 2025-11-05 21:46:00
Last Event Seen: 2025-11-05 21:47:00

Further Details:
https://primary.nemo.geant.org/alerts/details/392604/