[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #228186 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sat Jan 10 12:18:05 IST 2026
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, January 10, 2026 12:17:57 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #228186 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 228186
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
82523100 275077 22.1% 142.250.181.174
34294500 114315 9.2% 23.41.187.31
31698600 105662 8.5% 23.41.187.5
23349300 77831 6.2% 199.232.82.172
15241500 50805 4.1% 162.125.69.14
14645700 48819 3.9% 151.101.242.172
4375800 14586 1.2% 57.144.248.192
4283400 14278 1.1% 142.251.140.106
4164900 13883 1.1% 20.209.177.33
3061800 10206 0.8% 79.124.49.10
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
24153300 80511 6.5% 132.73.124.72
17556300 58521 4.7% 132.73.124.8
17454900 58183 4.7% 192.114.23.221
15760200 52534 4.2% 132.73.124.68
14499900 48333 3.9% 132.76.61.53
10843200 36144 2.9% 132.73.124.236
10576800 35256 2.8% 132.73.124.48
8884500 29615 2.4% 199.232.82.172
8629500 28765 2.3% 132.73.124.112
8309400 27698 2.2% 132.73.124.88
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------
142.250.181.174 119332065900
142.250.181.174 443 119331893100
23.41.187.31 443 51285233100
23.41.187.31 51285233100
23.41.187.5 443 47430720300
23.41.187.5 47430720300
132.73.124.72 33842282100
443 132.73.124.72 33840647700
199.232.82.172 33210094200
199.232.82.172 443 31776747900
Metric Info:
1M Packets/s
Alert Type:
time_window
Alert Description:
High packet rate.
Start Time: 2026-01-10 10:13:44
End Time: ongoing
First Event Seen: 2026-01-10 10:11:00
Last Event Seen: 2026-01-10 10:16:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/228186/
More information about the Nemo-ddos-list
mailing list