[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #239959 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Apr 3 07:47:09 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, April 3, 2026 7:47:03 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #239959 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 239959

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  38137500      127125        16.6%          184.25.50.192
  17943300       59811         7.8%          184.25.50.178
  14578800       48596         6.4%          104.21.83.123
  11229600       37432         4.9%         172.67.175.213
   8747700       29159         3.8%         146.75.122.172
   7312800       24376         3.2%            23.48.23.56
   7069200       23564         3.1%   2001:bf8:900:d:2::71
   5982000       19940         2.6%            23.48.23.67
   5643600       18812         2.5%            23.48.23.29
   4766100       15887         2.1%            23.48.23.21

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total           Dst IP
---------------------------------------------------
  25808400       86028        11.3%   132.67.130.202
   7873200       26244         3.4%   132.71.124.123
   5985600       19952         2.6%   132.71.124.148
   5358900       17863         2.3%   132.71.124.139
   5039400       16798         2.2%   132.71.124.117
   5016300       16721         2.2%    132.74.74.134
   4780500       15935         2.1%   132.71.124.118
   4557300       15191         2.0%   132.71.124.145
   4386000       14620         1.9%    132.71.124.18
   4240200       14134         1.8%   132.71.124.236

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
   184.25.50.192        443                                 57085839900
   184.25.50.192                                            57085839900
                         80   132.67.130.202                38677226400
                              132.67.130.202                38677226400
   184.25.50.178        443                                 26873880000
   184.25.50.178                                            26873880000
   104.21.83.123         80                                 21856454400
   104.21.83.123                                            21856454400
  172.67.175.213         80                                 16820772000
  172.67.175.213                                            16820772000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-03 04:46:53
End Time: ongoing

First Event Seen: 2026-04-03 04:44:00
Last Event Seen: 2026-04-03 04:45:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/239959/

More information about the Nemo-ddos-list mailing list