[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #227830 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Wed Jan 7 22:10:03 IST 2026

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, January 7, 2026 10:09:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #227830 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 227830

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  43497900      144993         9.8%     45.141.233.45
  24442800       81476         5.5%     18.172.112.44
  14983200       49944         3.4%     162.125.69.14
  11520600       38402         2.6%   142.250.181.170
  10970100       36567         2.5%     162.125.69.12
   8399400       27998         1.9%    108.139.243.31
   7692600       25642         1.7%    57.144.248.192
   6302700       21009         1.4%    57.144.244.192
   6144900       20483         1.4%    157.240.253.63
   5813400       19378         1.3%     192.41.236.71

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  112625700      375419        25.3%   192.114.101.113
   46941600      156472        10.6%      132.70.60.14
   30016200      100054         6.8%   128.139.225.245
   15708900       52363         3.5%      132.76.61.53
   10950600       36502         2.5%     132.65.180.28
    9667800       32226         2.2%     132.66.253.82
    8399700       27999         1.9%     132.66.112.84
    7785300       25951         1.8%     132.77.41.126
    6647700       22159         1.5%     192.114.3.241
    5531100       18437         1.2%     128.139.200.4

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             192.114.101.113               168434035500
                       443      132.70.60.14                69144271200
                                132.70.60.14                69144271200
                             128.139.225.245                36099215400
  18.172.112.44        443                                  35975950200
  18.172.112.44                                             35975950200
                       443   128.139.225.245                31174541700
                                132.76.61.53                22687442400
                       443      132.76.61.53                22537261500
  162.125.69.14        443                                  22168034100

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-01-07 20:09:45
End Time: ongoing

First Event Seen: 2026-01-07 20:07:00
Last Event Seen: 2026-01-07 20:08:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/227830/