[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #405080 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 2 17:33:39 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 2, 2026 5:33:34 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #405080 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 405080

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  12680700       42269         2.8%     95.100.181.10
  12369900       41233         2.7%     95.100.181.33
  12197100       40657         2.7%     95.100.181.30
  11795400       39318         2.6%     95.100.181.17
   9227700       30759         2.0%      95.100.181.8
   9095100       30317         2.0%     95.100.181.16
   8937300       29791         2.0%     20.209.177.33
   8139900       27133         1.8%   192.178.203.190
   7715400       25718         1.7%     162.125.69.14
   7532100       25107         1.7%     95.100.181.13

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  16039500       53465         3.5%    132.73.124.194
  15266700       50889         3.4%     132.73.124.32
  14909400       49698         3.3%     128.139.200.4
  12588600       41962         2.8%     128.139.200.5
  11461200       38204         2.5%      132.76.61.52
  11040300       36801         2.4%   128.139.225.242
  10877400       36258         2.4%    132.73.124.196
  10834500       36115         2.4%     132.73.124.40
  10410600       34702         2.3%      132.73.124.8
  10293600       34312         2.3%    132.73.124.132

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                             132.73.124.32                21786997500
                       443   132.73.124.32                21785722800
                             128.139.200.4                20350836000
                       443   128.139.200.4                20350683000
  95.100.181.30                                           17633466900
  95.100.181.30        443                                17582833200
  95.100.181.33                                           17370721800
  95.100.181.33        443                                17337103800
  95.100.181.17                                           17010525300
                             128.139.200.5                16855848900

Metric Info:
1M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate

Start Time: 2026-02-02 15:30:27
End Time: ongoing

First Event Seen: 2026-02-02 15:28:00
Last Event Seen: 2026-02-02 15:32:00

Further Details:
https://primary.nemo.geant.org/alerts/details/405080/

More information about the Nemo-ddos-list mailing list