[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #406321 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Feb 14 12:54:46 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, February 14, 2026 12:54:40 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #406321 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 406321

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total            Src IP
-----------------------------------------------------
  115715700      385719        25.7%     82.147.84.134
   46150500      153835        10.3%     82.147.85.167
   44701800      149006         9.9%      82.147.84.53
   21955200       73184         4.9%     82.147.84.129
   21061200       70204         4.7%     162.125.69.14
    8075700       26919         1.8%      172.66.0.165
    7374600       24582         1.6%       31.13.84.52
    5649600       18832         1.3%    57.144.248.192
    4927200       16424         1.1%    57.144.244.192
    3909300       13031         0.9%   199.232.210.172

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  28053000       93510         6.2%   128.139.225.242
  16758300       55861         3.7%      132.76.61.53
   8371200       27904         1.9%     128.139.200.5
   8139300       27131         1.8%     128.139.221.5
   7818000       26060         1.7%    132.73.124.194
   6131400       20438         1.4%     132.74.74.134
   5706900       19023         1.3%     128.139.200.4
   5553600       18512         1.2%    132.73.124.180
   3733200       12444         0.8%    132.64.244.105
   2988300        9961         0.7%      132.76.61.51

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
                             128.139.225.242                33955351500
  162.125.69.14        443                                  30608811900
  162.125.69.14                                             30608811900
                       443   128.139.225.242                29731016400
                                132.76.61.53                23475533700
                       443      132.76.61.53                23469557700
                       443     128.139.221.5                11620869900
                               128.139.221.5                11620869900
   172.66.0.165                                             11526256200
   172.66.0.165        443                                  11525874300

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-14 10:50:26
End Time: ongoing

First Event Seen: 2026-02-14 10:48:00
Last Event Seen: 2026-02-14 10:53:00

Further Details:
https://primary.nemo.geant.org/alerts/details/406321/

More information about the Nemo-ddos-list mailing list