[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #406614 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Feb 17 04:11:42 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, February 17, 2026 4:11:36 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #406614 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 406614

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  97045800      323486        30.9%         199.232.82.172
  27765000       92550         8.8%   2001:bf8:900:d:2::71
  22792800       75976         7.3%        151.101.242.172
  19048200       63494         6.1%          132.73.124.68
  14442000       48140         4.6%         132.73.124.236
   9454800       31516         3.0%          162.125.69.14
   5396100       17987         1.7%         216.58.204.138
   3232800       10776         1.0%          52.98.242.226
   2786700        9289         0.9%         17.253.122.201
   2786100        9287         0.9%          13.107.136.10

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                Dst IP
--------------------------------------------------------
  56936400      189788        18.1%         132.73.124.68
  49202100      164007        15.7%        132.73.124.236
  38244600      127482        12.2%        199.232.82.172
  10391100       34637         3.3%          132.76.61.53
   6968100       23227         2.2%       128.139.225.242
   6373500       21245         2.0%   2607:f8f0:660:4::18
   5615100       18717         1.8%          132.73.124.8
   4915200       16384         1.6%         132.74.74.134
   4006800       13356         1.3%         192.114.3.241
   3571500       11905         1.1%         128.139.200.4

Top-10 Possible Targets by Bytes:
                Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------------
        199.232.82.172                                           138918639000
        199.232.82.172        443                                130406640000
                                     132.73.124.68                81474108600
                              443    132.73.124.68                81434268000
                                    132.73.124.236                70201161600
                              443   132.73.124.236                70039991100
  2001:bf8:900:d:2::71       8443                                 41629494600
  2001:bf8:900:d:2::71                                            41629494600
       151.101.242.172                                            32334678300
       151.101.242.172        443                                 31304982600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-17 02:11:28
End Time: ongoing

First Event Seen: 2026-02-17 02:09:00
Last Event Seen: 2026-02-17 02:10:00

Further Details:
https://primary.nemo.geant.org/alerts/details/406614/

More information about the Nemo-ddos-list mailing list