[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #408313 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Feb 27 20:07:55 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, February 27, 2026 8:07:49 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #408313 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 408313

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total            Src IP
-----------------------------------------------------
  109302900      364343        34.4%     82.147.84.134
   31854000      106180        10.0%      82.147.84.47
   16356600       54522         5.1%     162.125.69.14
   10264500       34215         3.2%     82.147.84.129
    6890700       22969         2.2%   162.159.140.167
    5020200       16734         1.6%    57.144.248.192
    3753600       12512         1.2%       92.61.235.4
    3611100       12037         1.1%    157.240.253.63
    3465300       11551         1.1%    57.144.244.192
    2799300        9331         0.9%     52.98.242.226

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  16296900       54323         5.1%   128.139.225.242
  14430600       48102         4.5%     132.77.89.154
   7158900       23863         2.3%     128.139.221.5
   6012900       20043         1.9%     128.139.200.5
   4738200       15794         1.5%      192.114.2.38
   4260600       14202         1.3%     132.68.55.148
   4203900       14013         1.3%     128.139.200.4
   3220800       10736         1.0%     192.114.52.11
   2866200        9554         0.9%    132.73.124.104
   2534100        8447         0.8%      132.76.61.53

Top-10 Possible Targets by Bytes:
         Src IP   Src Port            Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  162.125.69.14        443                                  23889147900
  162.125.69.14                                             23889147900
  162.125.69.14                                   59541     21397708800
                       443     132.77.89.154                21397708800
                               132.77.89.154      59541     21397708800
                               132.77.89.154                21397708800
                             128.139.225.242                19755216000
                       443   128.139.225.242                17153823000
                       443     128.139.221.5                10611353400
                               128.139.221.5                10611353400

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-02-27 18:03:33
End Time: ongoing

First Event Seen: 2026-02-27 18:01:00
Last Event Seen: 2026-02-27 18:06:00

Further Details:
https://primary.nemo.geant.org/alerts/details/408313/

More information about the Nemo-ddos-list mailing list