[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221009 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Thu Nov 13 22:38:39 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, November 13, 2025 10:38:31 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221009 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 221009

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  60247500      200825        12.0%      2.17.152.210
  33515700      111719         6.7%    142.251.209.46
  22581600       75272         4.5%      18.161.97.31
  21246300       70821         4.2%      18.161.97.64
  20154000       67180         4.0%     132.66.253.82
  19262100       64207         3.8%      18.161.97.21
  15819300       52731         3.1%     18.161.97.115
  11851500       39505         2.4%      184.25.54.62
  10654500       35515         2.1%   199.232.214.172
  10257900       34193         2.0%   199.232.210.172

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  78912000      263040        15.7%      132.68.38.60
  25107000       83690         5.0%     132.66.253.82
   8134200       27114         1.6%   128.139.225.245
   8104800       27016         1.6%        132.68.0.1
   5504100       18347         1.1%    132.77.188.218
   4946400       16488         1.0%     128.139.200.5
   4452000       14840         0.9%   199.232.214.172
   4372800       14576         0.9%   199.232.210.172
   4079100       13597         0.8%     128.139.221.5
   3945000       13150         0.8%     128.139.200.4

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                        443    132.68.38.60               116591602800
                               132.68.38.60               116591602800
    2.17.152.210        443                                90082645500
    2.17.152.210                                           90082645500
  142.251.209.46                                           48340622400
  142.251.209.46        443                                48340610400
    18.161.97.31        443                                33360969600
    18.161.97.31                                           33360969600
                        443   132.66.253.82                33026217000
                              132.66.253.82                33026217000

Metric Info:
1M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate.

Start Time: 2025-11-13 20:34:43
End Time: ongoing

First Event Seen: 2025-11-13 20:32:00
Last Event Seen: 2025-11-13 20:36:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/221009/