[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #407744 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Feb 23 19:16:43 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, February 23, 2026 7:16:37 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #407744 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 407744

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  24566700       81889         5.4%    173.222.107.70
  19852800       66176         4.4%    173.222.107.92
  13501800       45006         3.0%    173.222.107.83
  11518800       38396         2.5%    172.217.23.161
  10770300       35901         2.4%   192.178.202.136
  10729500       35765         2.4%    57.144.248.192
   8654700       28849         1.9%     95.100.181.33
   8589300       28631         1.9%    192.178.202.91
   8180400       27268         1.8%    157.240.253.63
   8135400       27118         1.8%   192.178.202.190

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  21136500       70455         4.7%   128.139.225.242
  17040000       56800         3.8%     132.73.124.72
  14986500       49955         3.3%     132.73.124.68
  14655300       48851         3.2%      132.73.124.8
  13284000       44280         2.9%    132.73.124.168
  11457600       38192         2.5%     132.68.64.203
  11257800       37526         2.5%      192.114.5.10
  10807800       36026         2.4%     128.139.200.5
   9639300       32131         2.1%     128.139.200.4
   8775000       29250         1.9%    132.73.124.112

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  173.222.107.70                                             36581788500
  173.222.107.70        443                                  32688010800
  173.222.107.92                                             29705088000
  173.222.107.92        443                                  29701106700
                                132.73.124.72                22745454900
                        443     132.73.124.72                22745011200
                              128.139.225.242                22143293400
                                132.73.124.68                21678802200
                        443     132.73.124.68                21673346100
                        443   128.139.225.242                19918875900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-23 17:12:20
End Time: ongoing

First Event Seen: 2026-02-23 17:10:00
Last Event Seen: 2026-02-23 17:15:00

Further Details:
https://primary.nemo.geant.org/alerts/details/407744/

More information about the Nemo-ddos-list mailing list