[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #408313 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Feb 27 20:03:52 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, February 27, 2026 8:03:46 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #408313 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 408313

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  90671700      302239        36.9%     82.147.84.134
  13235700       44119         5.4%      82.147.84.47
  12971100       43237         5.3%     162.125.69.14
   5773200       19244         2.3%   162.159.140.167
   5456700       18189         2.2%     82.147.84.129
   4146300       13821         1.7%    57.144.248.192
   3567600       11892         1.5%       92.61.235.4
   2964900        9883         1.2%    157.240.253.63
   2816100        9387         1.1%    57.144.244.192
   2298000        7660         0.9%     52.98.242.226

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  13470300       44901         5.5%   128.139.225.242
  11349600       37832         4.6%     132.77.89.154
   5993100       19977         2.4%     128.139.221.5
   4934400       16448         2.0%     128.139.200.5
   3892200       12974         1.6%      192.114.2.38
   3775500       12585         1.5%     132.68.55.148
   3468600       11562         1.4%     128.139.200.4
   2397900        7993         1.0%    132.73.124.104
   2367300        7891         1.0%      132.76.61.53
   2243700        7479         0.9%     192.114.52.11

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  162.125.69.14        443                                  18913770600
  162.125.69.14                                             18913770600
  162.125.69.14                                   59541     16826780400
                       443     132.77.89.154                16826780400
                               132.77.89.154      59541     16826780400
                               132.77.89.154                16826780400
                             128.139.225.242                16249990500
                       443   128.139.225.242                13985367900
                       443     128.139.221.5                 8869426800
                               128.139.221.5                 8869426800

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-27 18:03:33
End Time: ongoing

First Event Seen: 2026-02-27 18:01:00
Last Event Seen: 2026-02-27 18:02:00

Further Details:
https://primary.nemo.geant.org/alerts/details/408313/

More information about the Nemo-ddos-list mailing list