[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #405774 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 9 17:54:51 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 9, 2026 5:54:44 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #405774 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 405774

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  25014000       83380         4.9%    74.125.29.190
  23625600       78752         4.6%    74.125.29.136
  22069200       73564         4.3%     74.125.29.93
  20858100       69527         4.1%     74.125.29.91
  14278200       47594         2.8%      31.13.84.52
  13719300       45731         2.7%    162.125.69.12
   7931700       26439         1.5%   57.144.248.192
   5379000       17930         1.0%     23.41.187.24
   5282700       17609         1.0%   57.144.244.192
   4561800       15206         0.9%   157.240.253.63

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  26131500       87105         5.1%   128.139.225.242
  16124700       53749         3.1%     132.73.124.68
  14851500       49505         2.9%     132.73.124.72
  14518500       48395         2.8%      132.73.124.8
  13677600       45592         2.7%    132.73.124.194
  12092400       40308         2.3%    132.65.128.170
  11285400       37618         2.2%    132.65.128.173
  10685700       35619         2.1%    132.65.128.175
  10196700       33989         2.0%    132.65.128.169
   9871800       32906         1.9%     128.139.200.5

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  74.125.29.190        443                                  35751964800
  74.125.29.190                                             35751964800
  74.125.29.136        443                                  33235711500
  74.125.29.136                                             33235711500
   74.125.29.93        443                                  31372636200
   74.125.29.93                                             31372636200
   74.125.29.91        443                                  29264159400
   74.125.29.91                                             29264159400
                             128.139.225.242                27975513300
                               132.73.124.68                21799750200

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-09 15:54:29
End Time: ongoing

First Event Seen: 2026-02-09 15:52:00
Last Event Seen: 2026-02-09 15:53:00

Further Details:
https://primary.nemo.geant.org/alerts/details/405774/

More information about the Nemo-ddos-list mailing list