[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #229305 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Jan 17 21:12:41 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, January 17, 2026 9:12:31 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #229305 WARN: IUCC (AS378) - [IUCC] [Customer] [Email_Analysis]

Please find the analysis details for the Alert ID: 229305

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  18245400       60818         7.5%          162.125.69.14
  16034100       53447         6.6%          18.66.218.111
  14833800       49446         6.1%            18.66.218.8
  14736600       49122         6.0%           18.66.218.37
  13696800       45656         5.6%          18.66.218.115
   5661000       18870         2.3%         57.144.248.192
   5019600       16732         2.1%   2001:bf8:900:d:2::71
   4433400       14778         1.8%         157.240.253.63
   3995100       13317         1.6%         57.144.244.192
   3929100       13097         1.6%         142.251.140.97

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  59911800      199706        24.5%    132.73.124.180
  20321700       67739         8.3%      132.76.61.53
  13944600       46482         5.7%    132.64.192.202
  13842600       46142         5.7%   128.139.225.245
  10486200       34954         4.3%     132.76.80.106
   5841300       19471         2.4%     128.139.200.4
   5652000       18840         2.3%     128.139.200.5
   5279400       17598         2.2%     132.73.124.97
   5127300       17091         2.1%     132.74.74.134
   4810800       16036         2.0%     132.64.244.28

Top-10 Possible Targets by Bytes:
         Src IP   Src Port           Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                             132.73.124.180                87933785400
                       443   132.73.124.180                87931696800
                               132.76.61.53                29356857600
                       443     132.76.61.53                29353314000
  162.125.69.14        443                                 26959362000
  162.125.69.14                                            26959362000
  18.66.218.111        443                                 23706116700
  18.66.218.111                                            23706116700
  162.125.69.14                                  64690     22403695200
                               132.76.61.53      64690     22403695200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-01-17 19:12:22
End Time: ongoing

First Event Seen: 2026-01-17 19:10:00
Last Event Seen: 2026-01-17 19:11:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/229305/

More information about the Nemo-ddos-list mailing list