[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #245551 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Apr 26 13:10:12 IDT 2026
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, April 26, 2026 1:10:06 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #245551 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Please find the analysis details for the Alert ID: 245551
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
52790100 175967 18.2% 160.119.76.25
37722000 125740 13.0% 160.119.76.16
37183500 123945 12.8% 160.119.76.23
36648300 122161 12.7% 160.119.76.29
35927700 119759 12.4% 160.119.76.19
33800100 112667 11.7% 160.119.76.28
24019200 80064 8.3% 160.119.76.26
1568400 5228 0.5% 149.50.114.248
746400 2488 0.3% 18.221.179.104
537300 1791 0.2% 45.79.123.76
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
164100 547 0.1% 132.73.124.194
81000 270 0.0% 192.114.5.10
69600 232 0.0% 192.114.91.244
69600 232 0.0% 192.114.105.254
68700 229 0.0% 192.114.91.245
65100 217 0.0% 192.114.91.247
61200 204 0.0% 192.114.91.249
60000 200 0.0% 192.114.23.238
59400 198 0.0% 192.114.91.246
57900 193 0.0% 192.114.91.248
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
------------------------------------------------------------
160.119.76.25 2111604000
160.119.76.16 57839 1508880000
160.119.76.16 1508880000
160.119.76.23 57852 1487340000
160.119.76.23 1487340000
160.119.76.29 57823 1465932000
160.119.76.29 1465932000
160.119.76.19 57838 1437108000
160.119.76.19 1437108000
160.119.76.28 57846 1352004000
Metric Info:
1M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate.
Start Time: 2026-04-26 10:06:57
End Time: ongoing
First Event Seen: 2026-04-26 10:04:00
Last Event Seen: 2026-04-26 10:08:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/245551/
More information about the Nemo-ddos-list
mailing list