[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #406567 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 16 18:29:45 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 16, 2026 6:29:38 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #406567 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 406567

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  25593600       85312         5.0%     95.100.181.33
  25338900       84463         5.0%     95.100.181.31
  20538300       68461         4.0%     95.100.181.17
  19276200       64254         3.8%   192.178.203.136
  19189800       63966         3.8%    192.178.203.91
  18477000       61590         3.6%    192.178.203.93
  17329200       57764         3.4%   192.178.203.190
  15492300       51641         3.1%      95.100.181.9
  12608700       42029         2.5%    57.144.248.192
  10779000       35930         2.1%     162.125.69.14

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  25748400       85828         5.1%   128.139.225.242
  15035700       50119         3.0%      132.73.124.8
  14992500       49975         3.0%     132.73.124.68
  14251200       47504         2.8%      132.76.61.53
  13297500       44325         2.6%    132.73.124.168
  12200100       40667         2.4%     128.139.200.4
  12172500       40575         2.4%     132.73.124.94
  12092100       40307         2.4%     132.73.124.72
  11724000       39080         2.3%     128.139.200.5
  11241000       37470         2.2%     132.73.124.32

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
    95.100.181.33        443                         38194156500
    95.100.181.33                                    38194156500
    95.100.181.31                                    37845408600
    95.100.181.31        443                         37609638300
    95.100.181.17        443                         30199839000
    95.100.181.17                                    30199839000
  192.178.203.136        443                         27857333400
  192.178.203.136                                    27857333400
   192.178.203.91        443                         27748581000
   192.178.203.91                                    27748581000

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-16 16:25:22
End Time: ongoing

First Event Seen: 2026-02-16 16:23:00
Last Event Seen: 2026-02-16 16:28:00

Further Details:
https://primary.nemo.geant.org/alerts/details/406567/

More information about the Nemo-ddos-list mailing list