[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214346 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Fri Sep 19 07:46:07 IDT 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, September 19, 2025 7:45:54 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214346 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 214346

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  88897500      296325        31.9%         146.75.122.172
  44341200      147804        15.9%         194.180.48.148
   9516600       31722         3.4%         146.75.118.172
   7606500       25355         2.7%            132.68.58.1
   6781500       22605         2.4%   2001:bf8:900:d:2::71
   3684600       12282         1.3%            132.70.19.4
   3255300       10851         1.2%           132.69.32.30
   3216000       10720         1.2%           23.41.187.10
   2935500        9785         1.1%        142.250.180.170
   2614200        8714         0.9%          23.213.161.12

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                       Dst IP
---------------------------------------------------------------
  18210000       60700         6.5%               146.75.122.172
   7981800       26606         2.9%                13.107.138.10
   3727800       12426         1.3%               142.251.209.42
   3684600       12282         1.3%                20.209.177.33
   3474900       11583         1.2%    2001:760:4205:128::130:48
   3146100       10487         1.1%                132.74.74.134
   2739600        9132         1.0%               216.58.204.234
   2596800        8656         0.9%   2001:760:4205:128::129:201
   2366100        7887         0.8%                132.71.124.85
   2177400        7258         0.8%               132.71.124.159

Top-10 Possible Targets by Bytes:
                Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------------
        146.75.122.172                                          127096965600
        146.75.122.172        443                               121014958500
        146.75.118.172                                           12244866600
        146.75.118.172        443                                12063606300
                                    13.107.138.10        443     11053480800
                                    13.107.138.10                11053480800
           132.68.58.1                                   443     10934968500
           132.68.58.1                                           10934968500
  2001:bf8:900:d:2::71       8443                                10016697600
  2001:bf8:900:d:2::71                                           10016697600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-09-19 04:45:46
End Time: ongoing

First Event Seen: 2025-09-19 04:43:00
Last Event Seen: 2025-09-19 04:44:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/214346/