[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221447 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Nov 17 06:03:24 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, November 17, 2025 6:03:16 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221447 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 221447

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  44790300      149301        13.3%     2.23.231.234
  37984500      126615        11.3%     2.23.231.161
  22317300       74391         6.6%     23.41.187.31
  21569700       71899         6.4%   199.232.82.172
  19337700       64459         5.7%      23.41.187.5
   9666900       32223         2.9%   154.61.149.102
   6606000       22020         2.0%    52.98.242.226
   6141300       20471         1.8%       132.74.3.4
   5744400       19148         1.7%     13.32.121.79
   5193900       17313         1.5%    91.239.216.15

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  17700900       59003         5.3%     132.72.23.183
  13287600       44292         3.9%     132.73.124.68
  12458700       41529         3.7%     132.73.124.72
  11429100       38097         3.4%     132.73.124.48
  10061100       33537         3.0%      132.73.124.8
   9813300       32711         2.9%    132.73.124.236
   9666900       32223         2.9%     132.76.105.72
   8950200       29834         2.7%    199.232.82.172
   6546900       21823         1.9%     132.74.74.134
   6410100       21367         1.9%   192.114.101.113

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
    2.23.231.234                                    66996309600
    2.23.231.234        443                         66898606800
    2.23.231.161                                    56622204000
    2.23.231.161        443                         56467148700
    23.41.187.31        443                         33396614400
    23.41.187.31                                    33396614400
  199.232.82.172                                    30271325400
     23.41.187.5        443                         28900949700
     23.41.187.5                                    28900949700
  199.232.82.172        443                         28089617400

Metric Info:
2M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate.

Start Time: 2025-11-17 02:13:43
End Time: ongoing

First Event Seen: 2025-11-17 02:11:00
Last Event Seen: 2025-11-17 04:01:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/221447/

