[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #405078 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 2 17:30:46 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 2, 2026 5:30:35 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #405078 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 405078

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  11288100       37627         2.5%    57.144.248.192
  10871100       36237         2.4%     95.100.181.10
   9642900       32143         2.2%     95.100.181.33
   8247600       27492         1.8%     95.100.181.30
   8013000       26710         1.8%    157.240.253.63
   7659900       25533         1.7%    57.144.244.192
   7587300       25291         1.7%     20.209.177.33
   7124100       23747         1.6%     95.100.181.17
   7057800       23526         1.6%     95.100.181.16
   6560400       21868         1.5%   192.178.203.190

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  22464300       74881         5.0%   128.139.225.242
  16683900       55613         3.7%    132.73.124.194
  12914100       43047         2.9%     128.139.200.4
  10692600       35642         2.4%     128.139.200.5
   8850600       29502         2.0%     132.73.124.32
   8780400       29268         2.0%     132.73.124.40
   8752500       29175         2.0%      132.76.61.52
   8709900       29033         1.9%      192.114.5.10
   8214000       27380         1.8%      132.76.61.53
   7957500       26525         1.8%      132.73.124.8

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                              128.139.225.242                23682253500
                        443   128.139.225.242                20922450600
                                128.139.200.4                17427134700
                        443     128.139.200.4                17426452500
   95.100.181.10                                             14888382900
   95.100.181.10        443                                  14886165300
  57.144.248.192        443                                  14076321300
  57.144.248.192                                             14076321300
                                128.139.200.5                14036442900
                        443     128.139.200.5                14035819500

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-02 15:30:20
End Time: ongoing

First Event Seen: 2026-02-02 15:28:00
Last Event Seen: 2026-02-02 15:29:00

Further Details:
https://primary.nemo.geant.org/alerts/details/405078/

More information about the Nemo-ddos-list mailing list