[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #407744 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 23 19:12:39 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 23, 2026 7:12:33 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #407744 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 407744

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  17931300       59771         5.1%    173.222.107.70
  14236800       47456         4.0%    173.222.107.92
   9574200       31914         2.7%    172.217.23.161
   8939100       29797         2.5%    57.144.248.192
   8601000       28670         2.4%     95.100.181.33
   8386200       27954         2.4%   192.178.202.136
   7455900       24853         2.1%    173.222.107.83
   6964800       23216         2.0%    157.240.253.63
   6626400       22088         1.9%    192.178.202.91
   6314700       21049         1.8%    57.144.244.192

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  17091600       56972         4.8%   128.139.225.242
  10612800       35376         3.0%     132.73.124.72
  10537200       35124         3.0%     132.73.124.68
   9971700       33239         2.8%      132.73.124.8
   9679500       32265         2.7%      192.114.5.10
   9527400       31758         2.7%     132.68.64.203
   9367500       31225         2.6%    132.73.124.168
   8946900       29823         2.5%     128.139.200.5
   8205900       27353         2.3%     128.139.200.4
   7149300       23831         2.0%    132.73.124.112

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  173.222.107.70                                             26734064700
  173.222.107.70        443                                  24324113700
  173.222.107.92                                             21304843200
  173.222.107.92        443                                  21303435900
                              128.139.225.242                18189900000
                        443   128.139.225.242                16258634400
                                132.73.124.68                15058825500
                        443     132.73.124.68                15053369400
                        443     132.73.124.72                13526711100
                                132.73.124.72                13526711100

Metric Info:
2M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-23 17:12:20
End Time: ongoing

First Event Seen: 2026-02-23 17:10:00
Last Event Seen: 2026-02-23 17:11:00

Further Details:
https://primary.nemo.geant.org/alerts/details/407744/

More information about the Nemo-ddos-list mailing list