[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #406614 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Feb 17 04:15:48 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, February 17, 2026 4:15:42 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #406614 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 406614

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total                 Src IP
----------------------------------------------------------
  126231900      420773        30.6%         199.232.82.172
   45635700      152119        11.1%        151.101.242.172
   36386700      121289         8.8%   2001:bf8:900:d:2::71
   26142600       87142         6.3%          132.73.124.68
   21117600       70392         5.1%         132.73.124.236
   11211600       37372         2.7%          162.125.69.14
    6501900       21673         1.6%         216.58.204.138
    3686700       12289         0.9%          52.98.242.226
    3501300       11671         0.8%          13.107.136.10
    3120300       10401         0.8%          16.15.217.244

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                Dst IP
--------------------------------------------------------
  79953900      266513        19.4%         132.73.124.68
  74938800      249796        18.1%        132.73.124.236
  53297100      177657        12.9%        199.232.82.172
  12151800       40506         2.9%          132.76.61.53
   8487300       28291         2.1%       128.139.225.242
   8211900       27373         2.0%   2607:f8f0:660:4::18
   6586800       21956         1.6%          132.73.124.8
   5960400       19868         1.4%         132.74.74.134
   4821000       16070         1.2%         192.114.3.241
   4230000       14100         1.0%         128.139.200.4

Top-10 Possible Targets by Bytes:
                Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------------
        199.232.82.172                                           180756810000
        199.232.82.172        443                                171042559200
                                     132.73.124.68               114486191700
                              443    132.73.124.68               114446335500
                                    132.73.124.236               107055762000
                              443   132.73.124.236               106858075500
       151.101.242.172                                            65041443600
       151.101.242.172        443                                 63891431400
  2001:bf8:900:d:2::71       8443                                 54557316600
  2001:bf8:900:d:2::71                                            54557316600

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-17 02:11:28
End Time: ongoing

First Event Seen: 2026-02-17 02:09:00
Last Event Seen: 2026-02-17 02:14:00

Further Details:
https://primary.nemo.geant.org/alerts/details/406614/

More information about the Nemo-ddos-list mailing list