[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #214367 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

[Hank Nussbacher]

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, September 19, 2025 12:16:13 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #214367 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 214367

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  61801800      206006        19.3%         142.251.209.46
  32069700      106899        10.0%         216.58.204.142
  10875300       36251         3.4%   2001:bf8:900:d:2::71
   8875800       29586         2.8%          132.73.124.32
   8632800       28776         2.7%          132.73.124.72
   8093700       26979         2.5%          132.73.124.68
   7453200       24844         2.3%           132.73.124.8
   6348900       21163         2.0%         132.73.124.132
   4026600       13422         1.3%         132.73.124.236
   3874800       12916         1.2%          132.73.124.48

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  55500300      185001        17.3%   142.251.209.46
  29966700       99889         9.4%   216.58.204.142
  10317600       34392         3.2%    132.73.124.72
   9970800       33236         3.1%    132.73.124.68
   8634000       28780         2.7%     132.73.124.8
   8374800       27916         2.6%    132.73.124.32
   6377100       21257         2.0%   132.73.124.132
   5952300       19841         1.9%   132.73.124.236
   4697100       15657         1.5%     132.76.61.52
   4575900       15253         1.4%    132.73.124.88

Top-10 Possible Targets by Bytes:
                Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------------
        142.251.209.46                                           89400666300
        142.251.209.46        443                                89400638700
        216.58.204.142        443                                45934756800
        216.58.204.142                                           45934756800
  2001:bf8:900:d:2::71                                           16268063400
  2001:bf8:900:d:2::71       8443                                14774591400
                              443   132.73.124.68                14125839600
                                    132.73.124.68                14125839600
                                    132.73.124.72                14014426500
                              443   132.73.124.72                14007258000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2025-09-19 09:11:57
End Time: ongoing

First Event Seen: 2025-09-19 09:09:00
Last Event Seen: 2025-09-19 09:14:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/214367/