[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221446 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Nov 17 04:18:00 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, November 17, 2025 4:17:53 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221446 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 221446

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  44790300      149301        12.4%     2.23.231.234
  37984500      126615        10.5%     2.23.231.161
  22318500       74395         6.2%     23.41.187.31
  21570600       71902         6.0%   199.232.82.172
  19337700       64459         5.4%      23.41.187.5
   9666900       32223         2.7%   154.61.149.102
   7108200       23694         2.0%       51.17.9.57
   6682200       22274         1.9%    52.98.242.226
   6141300       20471         1.7%       132.74.3.4
   5744400       19148         1.6%     13.32.121.79

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  17693700       58979         4.9%     132.72.23.183
  13278600       44262         3.7%     132.73.124.68
  12462300       41541         3.5%     132.73.124.72
  11421900       38073         3.2%     132.73.124.48
  10042500       33475         2.8%      132.73.124.8
   9805800       32686         2.7%    132.73.124.236
   9666900       32223         2.7%     132.76.105.72
   8952600       29842         2.5%    199.232.82.172
   7830300       26101         2.2%   128.139.225.245
   7100400       23668         2.0%   128.139.197.177

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
    2.23.231.234                                    66996309600
    2.23.231.234        443                         66898606800
    2.23.231.161                                    56622204000
    2.23.231.161        443                         56467148700
    23.41.187.31        443                         33398135700
    23.41.187.31                                    33398135700
  199.232.82.172                                    30271408200
     23.41.187.5        443                         28900949700
     23.41.187.5                                    28900949700
  199.232.82.172        443                         28089617400

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-11-17 02:13:41
End Time: ongoing

First Event Seen: 2025-11-17 02:11:00
Last Event Seen: 2025-11-17 02:16:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/221446/