[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #384789 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Sep 9 02:47:49 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, September 9, 2025 2:47:43 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #384789 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 384789

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  86117400      287058        22.7%      23.41.187.24
  78547200      261824        20.7%      23.41.187.16
  10289100       34297         2.7%     132.73.124.40
  10211700       34039         2.7%     132.73.124.48
   7641600       25472         2.0%     132.73.124.72
   7312500       24375         1.9%     132.73.124.96
   6462300       21541         1.7%     132.73.124.82
   6280800       20936         1.7%      132.73.124.8
   6003000       20010         1.6%     132.73.124.60
   5142900       17143         1.4%   142.250.179.170

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  42282000      140940        11.1%     23.41.187.24
  37511400      125038         9.9%     23.41.187.16
  22558500       75195         5.9%    132.73.124.40
  19206000       64020         5.1%    132.73.124.48
  16471200       54904         4.3%    132.73.124.72
  14947500       49825         3.9%    132.73.124.96
  14116500       47055         3.7%    132.73.124.82
  13584600       45282         3.6%    132.73.124.60
  11904900       39683         3.1%     132.73.124.8
   9258300       30861         2.4%   132.73.124.112

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  23.41.187.24                                          128697701400
  23.41.187.24        443                               128695001400
  23.41.187.16        443                               117490513200
  23.41.187.16                                          117490513200
                            132.73.124.40                33257857500
                      443   132.73.124.40                33257786400
                            132.73.124.48                26716111200
                      443   132.73.124.48                26707267200
                            132.73.124.72                23633582100
                      443   132.73.124.72                23573120100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-09-08 23:43:33
End Time: ongoing

First Event Seen: 2025-09-08 23:41:00
Last Event Seen: 2025-09-08 23:46:00

Further Details:
https://primary.nemo.geant.org/alerts/details/384789/