[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214051 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Sep 16 04:09:10 IDT 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, September 16, 2025 4:09:01 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214051 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 214051

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  48414300      161381        15.6%      23.7.245.202
  38979600      129932        12.6%      23.7.245.137
  23956800       79856         7.7%       80.67.68.57
  19164900       63883         6.2%       80.67.68.59
  11292300       37641         3.6%     132.74.112.76
  10101300       33671         3.3%     132.73.124.68
   9899400       32998         3.2%     132.73.124.48
   4877700       16259         1.6%      132.73.124.8
   4212600       14042         1.4%     132.72.23.183
   3994500       13315         1.3%   142.250.180.138

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  21714000       72380         7.0%     132.73.124.68
  20118900       67063         6.5%     132.72.23.183
  19533600       65112         6.3%      23.7.245.202
  18072300       60241         5.8%      23.7.245.137
  17528400       58428         5.7%     132.73.124.48
  12274800       40916         4.0%     132.73.124.40
  11779200       39264         3.8%   142.250.180.138
  10682700       35609         3.5%      132.73.124.8
   9518700       31729         3.1%       80.67.68.57
   8964600       29882         2.9%       80.67.68.59

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  23.7.245.202                                           72308784900
  23.7.245.202        443                                72289320000
  23.7.245.137                                           58257489600
  23.7.245.137        443                                58237491300
   80.67.68.57                                           35597513700
   80.67.68.57        443                                35596986600
                            132.73.124.68                31691054700
                      443   132.73.124.68                30944749500
                            132.72.23.183                29661357300
                      443   132.72.23.183                29658350100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-09-16 01:08:53
End Time: ongoing

First Event Seen: 2025-09-16 01:06:00
Last Event Seen: 2025-09-16 01:07:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/214051/