[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214051 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

[Hank Nussbacher]

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, September 16, 2025 4:13:04 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214051 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 214051

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total          Src IP
--------------------------------------------------
  67273200      224244        16.3%    23.7.245.202
  54949500      183165        13.3%    23.7.245.137
  31777500      105925         7.7%     80.67.68.57
  28162800       93876         6.8%     80.67.68.59
  16108800       53696         3.9%   132.73.124.48
  13270500       44235         3.2%   132.73.124.68
  11292300       37641         2.7%   132.74.112.76
   6712800       22376         1.6%   132.72.23.183
   6708300       22361         1.6%    132.73.124.8
   5797500       19325         1.4%   132.73.124.40

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  30032700      100109         7.3%      23.7.245.202
  28524000       95080         6.9%     132.73.124.48
  27632100       92107         6.7%     132.73.124.68
  27252900       90843         6.6%      23.7.245.137
  25837800       86126         6.3%     132.72.23.183
  16602000       55340         4.0%     132.73.124.40
  14212200       47374         3.4%      132.73.124.8
  13961700       46539         3.4%       80.67.68.59
  13857600       46192         3.4%       80.67.68.57
  12065700       40219         2.9%   142.250.180.138

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  23.7.245.202                                          100267745400
  23.7.245.202        443                               100248164100
  23.7.245.137                                           81931188900
  23.7.245.137        443                                81907365900
   80.67.68.57                                           47222286600
   80.67.68.57        443                                47221759500
   80.67.68.59                                           41854315200
   80.67.68.59        443                                41852965200
                            132.73.124.48                41110312500
                      443   132.73.124.48                41024036400

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-09-16 01:08:53
End Time: ongoing

First Event Seen: 2025-09-16 01:06:00
Last Event Seen: 2025-09-16 01:11:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/214051/