[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221448 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Mon Nov 17 06:08:24 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, November 17, 2025 6:08:17 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221448 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 221448

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  44790300      149301        14.4%     2.23.231.234
  37984500      126615        12.2%     2.23.231.161
  22317300       74391         7.2%     23.41.187.31
  21569700       71899         6.9%   199.232.82.172
  19337700       64459         6.2%      23.41.187.5
   9666900       32223         3.1%   154.61.149.102
   6605400       22018         2.1%    52.98.242.226
   6141000       20470         2.0%       132.74.3.4
   5744400       19148         1.8%     13.32.121.79
   4866600       16222         1.6%    162.125.69.12

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  17700900       59003         5.7%     132.72.23.183
  13285800       44286         4.3%     132.73.124.68
  12459600       41532         4.0%     132.73.124.72
  11427900       38093         3.7%     132.73.124.48
  10048200       33494         3.2%      132.73.124.8
   9813600       32712         3.1%    132.73.124.236
   9666900       32223         3.1%     132.76.105.72
   8946600       29822         2.9%    199.232.82.172
   6546900       21823         2.1%     132.74.74.134
   6410100       21367         2.1%   192.114.101.113

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
    2.23.231.234                                    66996309600
    2.23.231.234        443                         66898606800
    2.23.231.161                                    56622204000
    2.23.231.161        443                         56467148700
    23.41.187.31        443                         33396614400
    23.41.187.31                                    33396614400
  199.232.82.172                                    30271325400
     23.41.187.5        443                         28900949700
     23.41.187.5                                    28900949700
  199.232.82.172        443                         28089617400

Metric Info:
2M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate.

Start Time: 2025-11-17 02:13:43
End Time: ongoing

First Event Seen: 2025-11-17 02:11:00
Last Event Seen: 2025-11-17 04:06:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/221448/