[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #405774 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 9 17:58:44 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 9, 2026 5:58:38 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #405774 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 405774

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  33520200      111734         5.3%    74.125.29.190
  31926000      106420         5.0%    74.125.29.136
  29324100       97747         4.6%     74.125.29.93
  29099700       96999         4.6%     74.125.29.91
  17187900       57293         2.7%      31.13.84.52
  16992900       56643         2.7%    162.125.69.12
   9438900       31463         1.5%   57.144.248.192
   7898100       26327         1.2%     23.41.187.24
   6279900       20933         1.0%   57.144.244.192
   5394000       17980         0.8%   157.240.253.63

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  31432800      104776         4.9%   128.139.225.242
  23900100       79667         3.8%     132.73.124.68
  19827600       66092         3.1%     132.73.124.72
  17856300       59521         2.8%      132.73.124.8
  15922200       53074         2.5%    132.73.124.194
  14461800       48206         2.3%    132.65.128.170
  13406400       44688         2.1%    132.65.128.173
  13247100       44157         2.1%    132.65.128.175
  12514200       41714         2.0%    132.65.128.169
  12396600       41322         2.0%    132.65.128.172

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  74.125.29.190        443                                  48058788000
  74.125.29.190                                             48058788000
  74.125.29.136        443                                  45231403500
  74.125.29.136                                             45231403500
   74.125.29.93        443                                  41858276400
   74.125.29.93                                             41858276400
   74.125.29.91        443                                  41171650800
   74.125.29.91                                             41171650800
                               132.73.124.68                33164884500
                             128.139.225.242                33005521200

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-09 15:54:29
End Time: ongoing

First Event Seen: 2026-02-09 15:52:00
Last Event Seen: 2026-02-09 15:57:00

Further Details:
https://primary.nemo.geant.org/alerts/details/405774/

More information about the Nemo-ddos-list mailing list