[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #220948 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Thu Nov 13 13:07:14 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, November 13, 2025 1:07:08 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #220948 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 220948

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total          Src IP
-------------------------------------------------
  8852400       29508        11.3%   62.60.131.126
  8432400       28108        10.8%    77.90.185.52
  5969100       19897         7.6%    45.148.10.73
  5869800       19566         7.5%   62.60.131.114
  5379600       17932         6.9%   91.239.216.15
  5192700       17309         6.6%    109.70.74.29
  3667500       12225         4.7%   77.90.185.235
  3527100       11757         4.5%   77.90.185.234
  1767300        5891         2.3%    62.60.131.19
  1493100        4977         1.9%    62.60.131.90

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   596100        1987         0.8%     132.75.176.89
   291600         972         0.4%    132.73.124.194
   170100         567         0.2%   192.114.105.254
   156600         522         0.2%      45.148.10.73
   155700         519         0.2%      132.70.66.10
   106500         355         0.1%    192.114.91.248
    98100         327         0.1%      192.114.5.10
    94500         315         0.1%      132.70.66.14
    88200         294         0.1%    192.114.91.243
    86700         289         0.1%      132.70.66.11

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  17.253.122.203        443                                  889932000
  17.253.122.203                                             889932000
  17.253.122.203                                 10407       889752000
                        443   132.75.176.89                  889752000
                              132.75.176.89      10407       889752000
                              132.75.176.89                  889752000
   62.60.131.126                                             389505600
    77.90.185.52                                             371025600
    45.148.10.73                                             262640400
   62.60.131.114                                             258270000

Metric Info:
369k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate.

Start Time: 2025-11-13 11:03:44
End Time: ongoing

First Event Seen: 2025-11-13 11:01:00
Last Event Seen: 2025-11-13 11:05:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/220948/