[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #244419 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Apr 23 05:12:16 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, April 23, 2026 5:12:08 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #244419 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 244419

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  33805200      112684        12.2%     160.119.76.29
  32379300      107931        11.7%     160.119.76.28
  27066600       90222         9.7%     160.119.76.22
  26499600       88332         9.5%     160.119.76.26
  17205900       57353         6.2%     160.119.76.23
  10948200       36494         3.9%   142.251.141.251
   9554400       31848         3.4%     162.125.69.12
   8379000       27930         3.0%   142.250.181.187
   3489600       11632         1.3%     13.95.121.232
   3100800       10336         1.1%    199.232.82.172

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  20333400       67778         7.3%     132.76.82.194
  11400900       38003         4.1%      132.70.60.17
  10123800       33746         3.6%      132.76.61.52
   8273400       27578         3.0%   128.139.225.242
   5103600       17012         1.8%      132.70.60.26
   4100700       13669         1.5%    132.70.248.247
   2412900        8043         0.9%     128.139.200.4
   2174700        7249         0.8%     128.139.200.5
   1959300        6531         0.7%      132.76.61.53
   1819500        6065         0.7%       132.70.19.4

Top-10 Possible Targets by Bytes:
           Src IP   Src Port          Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                         443   132.76.82.194                28932543300
                               132.76.82.194                28932543300
                         443    132.70.60.17                16695117300
                                132.70.60.17                16695117300
  142.251.141.251        443                                15600324300
  142.251.141.251                                           15600324300
  142.251.141.251                                 64592     15600293100
                               132.76.82.194      64592     15600293100
    162.125.69.12        443                                14264678400
    162.125.69.12                                           14264678400

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-23 02:11:53
End Time: ongoing

First Event Seen: 2026-04-23 02:09:00
Last Event Seen: 2026-04-23 02:10:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/244419/

More information about the Nemo-ddos-list mailing list