[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221171 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

[Hank Nussbacher]

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, November 15, 2025 6:09:48 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221171 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 221171

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  78702300      262341        26.4%        132.74.3.2
  35153400      117178        11.8%        132.74.3.4
  27048000       90160         9.1%        132.74.3.3
   6251700       20839         2.1%     142.251.36.42
   6156300       20521         2.1%        51.17.9.57
   5335200       17784         1.8%    199.232.82.172
   4617600       15392         1.5%      109.70.74.29
   4136400       13788         1.4%     91.239.216.15
   3806100       12687         1.3%   128.139.226.100
   2876100        9587         1.0%         3.5.29.18

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total        Dst IP
------------------------------------------------
  17211900       57373         5.8%    3.5.56.197
  13773300       45911         4.6%    3.5.56.207
  11747700       39159         3.9%     3.5.58.40
  11667300       38891         3.9%    132.74.3.2
   9698400       32328         3.3%     3.5.56.25
   9477600       31592         3.2%   16.12.14.22
   7081500       23605         2.4%   16.12.12.18
   6982200       23274         2.3%     3.5.57.49
   6765600       22552         2.3%   16.12.14.18
   6686700       22289         2.2%   16.12.12.22

Top-10 Possible Targets by Bytes:
      Src IP   Src Port       Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
  132.74.3.2                                443    114169504500
  132.74.3.2                                       114169504500
  132.74.3.4                                443     50998455900
  132.74.3.4                                        50998455900
  132.74.3.3                                443     39127886700
  132.74.3.3                                        39127886700
                          3.5.56.197        443     24895254600
                          3.5.56.197                24895254600
                          3.5.56.207        443     19202715900
                          3.5.56.207                19202715900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-11-15 04:09:38
End Time: ongoing

First Event Seen: 2025-11-15 04:07:00
Last Event Seen: 2025-11-15 04:08:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/221171/