[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #228519 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Jan 12 21:42:06 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, January 12, 2026 9:41:56 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #228519 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 228519

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  19604700       65349         6.6%    146.75.122.172
  17518800       58396         5.9%       23.2.13.184
  14693100       48977         5.0%    57.144.244.192
  12399300       41331         4.2%    157.240.253.63
  11377500       37925         3.9%       23.2.13.219
  10298400       34328         3.5%       23.2.13.154
   5587500       18625         1.9%     34.104.35.123
   4932600       16442         1.7%   142.250.180.170
   4285500       14285         1.5%     104.83.87.197
   3771900       12573         1.3%      151.101.67.8

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  21426600       71422         7.3%   128.139.225.245
  18936600       63122         6.4%    132.64.192.202
  10011900       33373         3.4%     128.139.200.5
   8237100       27457         2.8%     128.139.200.4
   5956500       19855         2.0%      192.114.5.10
   4910100       16367         1.7%     132.74.74.134
   4723500       15745         1.6%     192.114.52.14
   4542300       15141         1.5%    192.114.91.249
   3996000       13320         1.4%      192.114.52.7
   3823200       12744         1.3%      192.114.52.4

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  146.75.122.172                                             28021779000
     23.2.13.184        443                                  26038959300
     23.2.13.184                                             26038959300
  146.75.122.172        443                                  25160314500
                              128.139.225.245                20717418300
  57.144.244.192        443                                  18332351100
  57.144.244.192                                             18332351100
                               132.64.192.202                17327243100
                        443   128.139.225.245                17106861600
     23.2.13.219                                             14406357900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-01-12 19:41:46
End Time: ongoing

First Event Seen: 2026-01-12 19:39:00
Last Event Seen: 2026-01-12 19:40:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/228519/

More information about the Nemo-ddos-list mailing list