[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #221749 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Nov 19 16:32:06 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, November 19, 2025 4:31:59 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #221749 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 221749

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  51833400      172778        56.8%     45.140.222.64
   4770300       15901         5.2%     91.239.216.15
   1395900        4653         1.5%      139.59.58.72
    966900        3223         1.1%     20.168.122.53
    447600        1492         0.5%     18.117.57.162
    444900        1483         0.5%    185.26.239.193
    444300        1481         0.5%      94.102.49.25
    420600        1402         0.5%       3.130.96.91
    356700        1189         0.4%      5.230.73.152
    346200        1154         0.4%   213.111.176.144

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   329100        1097         0.4%    132.73.124.194
   195300         651         0.2%   192.114.105.254
   133200         444         0.1%    192.114.91.243
   111300         371         0.1%    132.68.114.114
   107400         358         0.1%      192.114.5.10
   105900         353         0.1%    192.114.91.248
   105000         350         0.1%      132.70.66.13
    94500         315         0.1%      132.70.66.14
    90600         302         0.1%      132.70.66.12
    85200         284         0.1%    192.114.91.246

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  45.140.222.64      41832                                  2073336000
  45.140.222.64                                             2073336000
  91.239.216.15                                              191407200
   23.41.187.17        443                                   165248100
   23.41.187.17                                              165248100
   23.41.187.17                                  54794       165214500
                       443   132.68.114.114                  165214500
                             132.68.114.114      54794       165214500
                             132.68.114.114                  165214500
                             132.69.181.101                   78978600

Metric Info:
399k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate.

Start Time: 2025-11-19 14:19:47
End Time: ongoing

First Event Seen: 2025-11-19 14:17:00
Last Event Seen: 2025-11-19 14:30:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/221749/