[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #242304 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Apr 16 13:24:37 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, April 16, 2026 1:24:32 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #242304 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 242304

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total          Src IP
---------------------------------------------------
  119309700      397699        12.9%   160.119.76.38
  107896800      359656        11.7%   160.119.76.34
   98652900      328843        10.7%   160.119.76.36
   64406100      214687         7.0%   160.119.76.28
   64008600      213362         6.9%   160.119.76.19
   63990300      213301         6.9%   160.119.76.16
   63897600      212992         6.9%   160.119.76.27
   61578000      205260         6.7%   160.119.76.22
   60351900      201173         6.5%   160.119.76.32
   53645400      178818         5.8%   160.119.76.30

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total                                 Dst IP
------------------------------------------------------------------------
   230400         768         0.0%                         132.73.124.194
   192000         640         0.0%                          192.114.3.241
    96600         322         0.0%                         192.114.23.221
    91800         306         0.0%                            132.70.66.9
    90000         300         0.0%                          132.64.168.19
    63300         211         0.0%                         192.114.91.248
    62400         208         0.0%                         132.73.124.145
    60600         202         0.0%   2001:bf8:200:391:68ea:2f24:10ef:201b
    57000         190         0.0%                           132.70.66.14
    55500         185         0.0%                           132.76.61.53

Top-10 Possible Targets by Bytes:
         Src IP   Src Port   Dst IP   Dst Port   Sampled Count
------------------------------------------------------------
  160.119.76.38                                     4772388000
  160.119.76.34                                     4315872000
  160.119.76.36                                     3946116000
  160.119.76.28      54661                          2576244000
  160.119.76.28                                     2576244000
  160.119.76.38      54679                          2563572000
  160.119.76.19      54653                          2560344000
  160.119.76.19                                     2560344000
  160.119.76.16      54645                          2559612000
  160.119.76.16                                     2559612000

Metric Info:
1M ACK Packets/s, 1M SYN Packets/s

Alert Type:
time_window

Alert Description:
Abnormal ratio of SYN packets to ACK packets.

Start Time: 2026-04-16 10:21:05
End Time: ongoing

First Event Seen: 2026-04-16 10:18:00
Last Event Seen: 2026-04-16 10:22:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/242304/

More information about the Nemo-ddos-list mailing list