[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #406570 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 16 18:33:37 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 16, 2026 6:33:30 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #406570 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 406570

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  25591500       85305         6.0%     95.100.181.33
  25338900       84463         5.9%     95.100.181.31
  20529900       68433         4.8%     95.100.181.17
  19267800       64226         4.5%   192.178.203.136
  19180200       63934         4.5%    192.178.203.91
  18470700       61569         4.3%    192.178.203.93
  17321400       57738         4.1%   192.178.203.190
  15492300       51641         3.6%      95.100.181.9
  10779000       35930         2.5%     162.125.69.14
   6468000       21560         1.5%    216.58.204.138

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  15088800       50296         3.5%     132.73.124.68
  14965500       49885         3.5%      132.73.124.8
  14300100       47667         3.4%      132.76.61.53
  13344000       44480         3.1%    132.73.124.168
  12171900       40573         2.9%     132.73.124.94
  12070200       40234         2.8%     132.73.124.72
  11927700       39759         2.8%     128.139.200.4
  11460300       38201         2.7%     128.139.200.5
  11297400       37658         2.7%     132.73.124.32
  10182900       33943         2.4%   128.139.225.242

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
    95.100.181.33        443                         38191465800
    95.100.181.33                                    38191465800
    95.100.181.31                                    37845408600
    95.100.181.31        443                         37609638300
    95.100.181.17        443                         30197296200
    95.100.181.17                                    30197296200
  192.178.203.136        443                         27850061700
  192.178.203.136                                    27850061700
   192.178.203.91        443                         27742780500
   192.178.203.91                                    27742780500

Metric Info:
1M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate

Start Time: 2026-02-16 16:25:25
End Time: ongoing

First Event Seen: 2026-02-16 16:23:00
Last Event Seen: 2026-02-16 16:32:00

Further Details:
https://primary.nemo.geant.org/alerts/details/406570/

More information about the Nemo-ddos-list mailing list