[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #384822 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Sep 9 16:03:00 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, September 9, 2025 4:02:52 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #384822 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 384822

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  44257200      147524         8.6%   2001:bf8:900:d:2::71
  18649800       62166         3.6%           132.76.61.53
  16291800       54306         3.2%           132.76.61.51
  15532800       51776         3.0%         216.58.204.251
  14615100       48717         2.8%         17.248.172.136
  13828500       46095         2.7%        142.250.180.170
  11138700       37129         2.2%        142.250.180.155
  10873200       36244         2.1%            192.114.7.2
   9009000       30030         1.7%         216.58.204.234
   7917600       26392         1.5%         132.65.128.150

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  52881000      176270        10.2%    132.65.128.150
  15477600       51592         3.0%   142.250.180.170
  14942700       49809         2.9%    128.139.19.218
  14616600       48722         2.8%     132.77.39.167
  14494500       48315         2.8%    216.58.204.234
  12826200       42754         2.5%     13.107.138.10
  12161400       40538         2.4%      132.76.61.53
  11048400       36828         2.1%     13.107.136.10
   8898000       29660         1.7%      132.76.61.51
   8465700       28219         1.6%   142.250.180.138

Top-10 Possible Targets by Bytes:
                Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------------
                              443   132.65.128.150                75276640500
                                    132.65.128.150                75276640500
  2001:bf8:900:d:2::71       8443                                 65781038100
  2001:bf8:900:d:2::71                                            65781038100
        216.58.204.251        443                                 22110283200
        216.58.204.251                                            22110283200
                              443    132.77.39.167                21906981000
                                     132.77.39.167                21906981000
        17.248.172.136        443                                 21906048900
        17.248.172.136                                            21906048900

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2025-09-09 13:02:33
End Time: ongoing

First Event Seen: 2025-09-09 13:00:00
Last Event Seen: 2025-09-09 13:01:00

Further Details:
https://primary.nemo.geant.org/alerts/details/384822/