[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #239767 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Apr 1 04:19:15 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 1, 2026 4:19:06 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #239767 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 239767

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  27206400       90688         9.8%     65.9.175.125
  25544100       85147         9.2%      65.9.175.44
  24856500       82855         9.0%      65.9.175.17
  23224500       77415         8.4%      65.9.175.95
   5979600       19932         2.2%   142.251.209.42
   4676100       15587         1.7%    52.217.254.57
   4424400       14748         1.6%     16.182.99.25
   3952200       13174         1.4%     16.15.199.59
   3815400       12718         1.4%    37.27.137.208
   3458700       11529         1.2%    52.216.93.115

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  100854300      336181        36.4%     132.70.60.180
   24445800       81486         8.8%     132.65.180.21
    5852400       19508         2.1%     132.74.68.184
    4892400       16308         1.8%     132.74.74.134
    3815400       12718         1.4%     132.76.105.72
    3660900       12203         1.3%   128.139.225.242
    3291300       10971         1.2%     13.200.12.108
    2550600        8502         0.9%     192.114.3.241
    2237400        7458         0.8%     128.139.200.5
    1399200        4664         0.5%      132.76.61.53

Top-10 Possible Targets by Bytes:
        Src IP   Src Port          Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                      443   132.70.60.180               148794061500
                            132.70.60.180               148794061500
  65.9.175.125        443                                40097478900
  65.9.175.125                                           40097478900
   65.9.175.44        443                                37734311400
   65.9.175.44                                           37734311400
   65.9.175.17        443                                36697070400
   65.9.175.17                                           36697070400
                      443   132.65.180.21                35806939200
                            132.65.180.21                35806939200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-01 01:18:57
End Time: ongoing

First Event Seen: 2026-04-01 01:16:00
Last Event Seen: 2026-04-01 01:17:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/239767/

More information about the Nemo-ddos-list mailing list