[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #245712 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Apr 27 00:33:07 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, April 27, 2026 12:33:01 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #245712 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 245712

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  62584200      208614        15.4%    160.119.76.22
  54202200      180674        13.3%    160.119.76.27
  39328800      131096         9.7%    160.119.76.29
  24298200       80994         6.0%    160.119.76.25
  18799500       62665         4.6%    160.119.76.18
  11595900       38653         2.8%    160.119.76.16
   8073900       26913         2.0%   157.240.253.63
   7828800       26096         1.9%   57.144.248.192
   7508100       25027         1.8%     159.60.33.33
   7227300       24091         1.8%     159.60.33.37

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  25201800       84006         6.2%   128.139.225.242
  15474000       51580         3.8%      132.70.60.17
   7508400       25028         1.8%    128.139.220.91
   7227600       24092         1.8%    128.139.220.90
   6352500       21175         1.6%     128.139.200.5
   6287400       20958         1.5%     128.139.200.4
   3562500       11875         0.9%      132.76.61.54
   3448800       11496         0.8%      192.114.52.5
   3237000       10790         0.8%      132.76.61.51
   3225300       10751         0.8%      192.114.52.7

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                              128.139.225.242                29446717200
                        443   128.139.225.242                26654315100
                        443      132.70.60.17                22649361900
                                 132.70.60.17                21742228200
  157.240.253.63        443                                   9877361400
  157.240.253.63                                              9877361400
  57.144.248.192        443                                   9645469800
  57.144.248.192                                              9645469800
                               128.139.220.90                 8570266800
                               128.139.220.90                 8570266800

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-26 21:32:47
End Time: ongoing

First Event Seen: 2026-04-26 21:30:00
Last Event Seen: 2026-04-26 21:31:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/245712/

More information about the Nemo-ddos-list mailing list