[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #405772 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 9 17:57:56 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 9, 2026 5:57:50 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #405772 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 405772

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  33519900      111733         6.1%          74.125.29.190
  31926000      106420         5.8%          74.125.29.136
  29278200       97594         5.3%           74.125.29.93
  29099400       96998         5.3%           74.125.29.91
  16992900       56643         3.1%          162.125.69.12
   7890600       26302         1.4%           23.41.187.24
   5001900       16673         0.9%   2001:bf8:900:d:2::71
   4953000       16510         0.9%           23.41.187.22
   4796400       15988         0.9%           23.41.187.29
   4595400       15318         0.8%           23.41.187.16

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  23900100       79667         4.3%     132.73.124.68
  19798500       65995         3.6%     132.73.124.72
  17837400       59458         3.2%      132.73.124.8
  14943900       49813         2.7%   128.139.225.242
  14461800       48206         2.6%    132.65.128.170
  13554600       45182         2.5%    132.73.124.194
  13406400       44688         2.4%    132.65.128.173
  13246800       44156         2.4%    132.65.128.175
  12514200       41714         2.3%    132.65.128.169
  12396300       41321         2.3%    132.65.128.172

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
  74.125.29.190        443                                48058771200
  74.125.29.190                                           48058771200
  74.125.29.136        443                                45231403500
  74.125.29.136                                           45231403500
   74.125.29.93        443                                41805669900
   74.125.29.93                                           41805669900
   74.125.29.91        443                                41171576700
   74.125.29.91                                           41171576700
                             132.73.124.68                33164884500
                       443   132.73.124.68                29744736000

Metric Info:
2M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate

Start Time: 2026-02-09 15:54:28
End Time: ongoing

First Event Seen: 2026-02-09 15:52:00
Last Event Seen: 2026-02-09 15:56:00

Further Details:
https://primary.nemo.geant.org/alerts/details/405772/

More information about the Nemo-ddos-list mailing list