[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #246096 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Apr 28 10:49:35 IDT 2026
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, April 28, 2026 10:49:26 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #246096 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Please find the analysis details for the Alert ID: 246096
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
101449500 338165 32.6% 160.119.76.29
76669500 255565 24.6% 160.119.76.19
34282800 114276 11.0% 160.119.76.22
28301100 94337 9.1% 160.119.76.26
27782100 92607 8.9% 160.119.76.18
9453300 31511 3.0% 80.94.92.11
2689800 8966 0.9% 45.142.193.6
946200 3154 0.3% 150.107.38.251
826200 2754 0.3% 194.180.49.218
746700 2489 0.2% 35.169.206.177
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
117300 391 0.0% 192.114.91.245
106200 354 0.0% 192.114.52.5
91800 306 0.0% 192.114.91.246
80100 267 0.0% 192.114.91.244
76800 256 0.0% 192.114.91.243
73500 245 0.0% 192.114.91.248
68400 228 0.0% 192.114.91.249
68100 227 0.0% 132.76.61.52
67200 224 0.0% 132.76.61.51
64800 216 0.0% 128.139.225.242
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
------------------------------------------------------------
160.119.76.29 4057980000
160.119.76.19 3066780000
160.119.76.29 42137 1745784000
160.119.76.19 42153 1573116000
160.119.76.19 42158 1493664000
160.119.76.22 42095 1371312000
160.119.76.22 1371312000
160.119.76.29 42157 1345296000
160.119.76.26 42220 1132044000
160.119.76.26 1132044000
Metric Info:
1M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate.
Start Time: 2026-04-28 07:45:54
End Time: ongoing
First Event Seen: 2026-04-28 07:43:00
Last Event Seen: 2026-04-28 07:47:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/246096/
More information about the Nemo-ddos-list
mailing list