[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #244066 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Apr 22 00:56:15 IDT 2026
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 22, 2026 12:56:08 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #244066 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Please find the analysis details for the Alert ID: 244066
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------------
66481200 221604 13.8% 160.119.76.34
40239300 134131 8.4% 160.119.76.37
38477100 128257 8.0% 160.119.76.31
37690200 125634 7.8% 160.119.76.30
36631800 122106 7.6% 160.119.76.33
36063300 120211 7.5% 160.119.76.36
25437600 84792 5.3% 160.119.76.35
8937900 29793 1.9% 2001:bf8:900:d:2::71
5732100 19107 1.2% 52.217.112.217
5058600 16862 1.1% 93.123.17.252
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------------
18123000 60410 3.8% 128.139.225.242
6819000 22730 1.4% 2602:fd0f:0:1001::20
5732100 19107 1.2% 132.76.212.75
4595100 15317 1.0% 192.114.5.10
4414200 14714 0.9% 132.71.146.63
3475800 11586 0.7% 128.139.200.4
3349800 11166 0.7% 128.139.200.5
2359200 7864 0.5% 132.71.21.96
2351400 7838 0.5% 132.76.61.52
2171400 7238 0.5% 132.74.242.36
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------------------
128.139.225.242 21069180600
443 128.139.225.242 18858459900
2001:bf8:900:d:2::71 8443 13399278600
2001:bf8:900:d:2::71 13399278600
8443 2602:fd0f:0:1001::20 10224697200
2602:fd0f:0:1001::20 10224697200
52.217.112.217 443 8317118700
52.217.112.217 38785 8317118700
52.217.112.217 8317118700
443 132.76.212.75 8317118700
Metric Info:
2M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate.
Start Time: 2026-04-21 21:55:51
End Time: ongoing
First Event Seen: 2026-04-21 21:53:00
Last Event Seen: 2026-04-21 21:54:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/244066/
More information about the Nemo-ddos-list
mailing list