[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #245857 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

[Hank Nussbacher]

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, April 27, 2026 12:00:22 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #245857 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 245857

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  119070600      396902        25.9%    160.119.76.22
  107565300      358551        23.4%    160.119.76.23
   89151000      297170        19.4%    160.119.76.29
   57196200      190654        12.5%    160.119.76.19
   54446400      181488        11.9%    160.119.76.28
     992400        3308         0.2%   192.210.214.10
     648300        2161         0.1%      18.189.74.1
     584100        1947         0.1%   103.246.225.75
     447300        1491         0.1%   172.237.27.147
     339600        1132         0.1%    164.52.24.180

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   247200         824         0.1%      132.76.61.54
   239700         799         0.1%      132.70.60.26
    84900         283         0.0%    192.114.91.243
    80400         268         0.0%   192.114.105.254
    78900         263         0.0%    192.114.91.244
    75600         252         0.0%    192.114.91.249
    73800         246         0.0%    192.114.91.245
    71700         239         0.0%    192.114.91.247
    69300         231         0.0%    192.114.91.248
    61200         204         0.0%    192.114.91.246

Top-10 Possible Targets by Bytes:
         Src IP   Src Port   Dst IP   Dst Port   Sampled Count
------------------------------------------------------------
  160.119.76.22                                     4762824000
  160.119.76.23                                     4302612000
  160.119.76.29                                     3566040000
  160.119.76.22      59926                          2404932000
  160.119.76.22      59930                          2357892000
  160.119.76.23      40021                          2294280000
  160.119.76.19      40012                          2287848000
  160.119.76.19                                     2287848000
  160.119.76.28      40052                          2177856000
  160.119.76.28                                     2177856000

Metric Info:
1016k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate.

Start Time: 2026-04-27 08:57:02
End Time: ongoing

First Event Seen: 2026-04-27 08:54:00
Last Event Seen: 2026-04-27 08:58:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/245857/