[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #245980 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Apr 27 23:25:30 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, April 27, 2026 11:25:19 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #245980 CRIT: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 245980

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total          Src IP
--------------------------------------------------
  93451500      311505        12.0%   160.119.76.23
  88720500      295735        11.4%   160.119.76.19
  45653400      152178         5.9%   160.119.76.38
  43307700      144359         5.6%   160.119.76.27
  43122000      143740         5.5%   160.119.76.28
  28032600       93442         3.6%   160.119.76.36
  27870600       92902         3.6%   160.119.76.26
  25395900       84653         3.3%   160.119.76.25
  22877100       76257         2.9%   160.119.76.31
  22822800       76076         2.9%   160.119.76.35

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  33098400      110328         4.3%   128.139.225.242
  17448300       58161         2.2%      132.77.89.53
  16139700       53799         2.1%    128.139.220.90
  13250100       44167         1.7%    128.139.220.91
   9274500       30915         1.2%     128.139.200.5
   8864100       29547         1.1%     128.139.200.4
   6354000       21180         0.8%       132.74.6.58
   5302800       17676         0.7%      192.114.52.2
   5229300       17431         0.7%      192.114.52.9
   5118300       17061         0.7%      192.114.52.8

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             128.139.225.242                38424362100
                       443   128.139.225.242                34606261800
  162.125.69.14        443                                  25975416900
  162.125.69.14                                             25975416900
  162.125.69.14                                   55586     25974074400
                       443      132.77.89.53                25974074400
                                132.77.89.53      55586     25974074400
                                132.77.89.53                25974074400
   159.60.33.37                                             21176464500
   159.60.33.37                                             21176464500

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-04-27 20:20:58
End Time: ongoing

First Event Seen: 2026-04-27 20:18:00
Last Event Seen: 2026-04-27 20:23:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/245980/

More information about the Nemo-ddos-list mailing list