[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #245980 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Apr 27 23:21:25 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, April 27, 2026 11:21:20 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #245980 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 245980

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total          Src IP
--------------------------------------------------
  62669400      208898        12.5%   160.119.76.23
  57394800      191316        11.4%   160.119.76.19
  29793300       99311         5.9%   160.119.76.28
  28238100       94127         5.6%   160.119.76.27
  17176200       57254         3.4%   160.119.76.26
  15022500       50075         3.0%   160.119.76.25
  14661600       48872         2.9%   160.119.76.38
  14155800       47186         2.8%   162.125.69.14
  13428300       44761         2.7%    159.60.33.37
  11251800       37506         2.2%   160.119.76.36

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  27764100       92547         5.5%   128.139.225.242
  14155500       47185         2.8%      132.77.89.53
  13428300       44761         2.7%    128.139.220.90
  11178000       37260         2.2%    128.139.220.91
   7975500       26585         1.6%     128.139.200.5
   7495800       24986         1.5%     128.139.200.4
   6155400       20518         1.2%       132.74.6.58
   4656000       15520         0.9%      192.114.52.8
   4462200       14874         0.9%      192.114.52.2
   4357800       14526         0.9%     192.114.52.11

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             128.139.225.242                32120839500
                       443   128.139.225.242                29008752000
  162.125.69.14        443                                  21075391800
  162.125.69.14                                             21075391800
  162.125.69.14                                   55586     21074941800
                       443      132.77.89.53                21074941800
                                132.77.89.53      55586     21074941800
                                132.77.89.53                21074941800
   159.60.33.37                                             17837421600
   159.60.33.37                                             17837421600

Metric Info:
3M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-27 20:20:58
End Time: ongoing

First Event Seen: 2026-04-27 20:18:00
Last Event Seen: 2026-04-27 20:19:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/245980/

More information about the Nemo-ddos-list mailing list