[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #244149 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Apr 22 06:25:11 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 22, 2026 6:25:00 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #244149 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 244149

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  59764200      199214        14.8%     160.119.76.26
  47957100      159857        11.9%     160.119.76.29
  47684400      158948        11.8%     160.119.76.23
  44381400      147938        11.0%     160.119.76.18
  44159100      147197        11.0%     160.119.76.27
  40747200      135824        10.1%     160.119.76.22
   5195400       17318         1.3%    199.232.82.172
   2821800        9406         0.7%     17.253.57.200
   2328300        7761         0.6%   199.232.210.172
   2259600        7532         0.6%   199.232.214.172

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  4911900       16373         1.2%     132.73.124.40
  4492200       14974         1.1%   128.139.225.242
  2821500        9405         0.7%      132.71.21.96
  2346300        7821         0.6%     128.139.200.4
  2003700        6679         0.5%      132.76.61.51
  1780500        5935         0.4%     128.139.200.5
  1697100        5657         0.4%    128.139.220.90
  1688700        5629         0.4%       132.70.19.4
  1480500        4935         0.4%    199.232.82.172
  1468800        4896         0.4%     192.114.52.12

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  199.232.82.172                                            7324902000
  199.232.82.172         80                                 7293001200
                              132.73.124.40                 6590915100
                         80   132.73.124.40                 6517006200
   17.253.57.200        443                                 4220979600
   17.253.57.200                                            4220979600
   17.253.57.200                                 64080      4220964000
                        443    132.71.21.96                 4220964000
                               132.71.21.96      64080      4220964000
                               132.71.21.96                 4220964000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-22 03:20:52
End Time: ongoing

First Event Seen: 2026-04-22 03:18:00
Last Event Seen: 2026-04-22 03:23:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/244149/

More information about the Nemo-ddos-list mailing list