[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221446 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Nov 17 04:14:01 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, November 17, 2025 4:13:50 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221446 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 221446

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  29177400       97258        10.8%     2.23.231.234
  25561800       85206         9.5%     2.23.231.161
  16083300       53611         5.9%   199.232.82.172
  13871400       46238         5.1%     23.41.187.31
  10852500       36175         4.0%      23.41.187.5
   8075400       26918         3.0%   154.61.149.102
   5877000       19590         2.2%       51.17.9.57
   5284800       17616         2.0%    52.98.242.226
   5056800       16856         1.9%       132.74.3.4
   4618200       15394         1.7%     13.32.121.79

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  12243600       40812         4.5%     132.72.23.183
   8536200       28454         3.2%     132.73.124.68
   8075400       26918         3.0%     132.76.105.72
   7982400       26608         3.0%     132.73.124.72
   7478700       24929         2.8%     132.73.124.48
   6739800       22466         2.5%      132.73.124.8
   6249600       20832         2.3%    132.73.124.236
   6118800       20396         2.3%    199.232.82.172
   5960700       19869         2.2%   128.139.225.245
   5870400       19568         2.2%   128.139.197.177

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
    2.23.231.234                                           43631340900
    2.23.231.234        443                                43546825800
    2.23.231.161                                           38049810900
    2.23.231.161        443                                37940309100
  199.232.82.172                                           22486420800
    23.41.187.31        443                                20750266500
    23.41.187.31                                           20750266500
  199.232.82.172        443                                20533300500
                        443   132.72.23.183                18175398000
                              132.72.23.183                18175398000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-11-17 02:13:41
End Time: ongoing

First Event Seen: 2025-11-17 02:11:00
Last Event Seen: 2025-11-17 02:12:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/221446/

More information about the Nemo-ddos-list mailing list