[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #408579 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Mar 1 17:57:49 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, March 1, 2026 5:57:36 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #408579 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 408579

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  27664800       92216        11.7%            65.9.175.17
  23272200       77574         9.9%            65.9.175.44
  23047500       76825         9.8%            65.9.175.95
  22537500       75125         9.6%           65.9.175.125
   5830200       19434         2.5%          128.139.10.50
   4567200       15224         1.9%   2001:bf8:900:d:2::71
   2903700        9679         1.2%           52.84.151.16
   2469600        8232         1.0%          13.107.136.10
   2398500        7995         1.0%          162.125.69.15
   2160300        7201         0.9%           52.84.151.30

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                Dst IP
--------------------------------------------------------
  96539100      321797        41.0%          132.70.60.10
   8973000       29910         3.8%       128.139.225.242
   7941600       26472         3.4%         132.66.253.82
   5830200       19434         2.5%       193.189.127.180
   4728300       15761         2.0%         128.139.200.4
   4563000       15210         1.9%   2607:f8f0:660:4::12
   3780600       12602         1.6%         128.139.200.5
   3385800       11286         1.4%        192.114.23.221
   3191400       10638         1.4%          192.114.2.38
   2958000        9860         1.3%         132.73.124.97

Top-10 Possible Targets by Bytes:
        Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------
                      443   132.70.60.10               137905318800
                            132.70.60.10               137905318800
   65.9.175.17        443                               39739524300
   65.9.175.17                                          39739524300
   65.9.175.44        443                               33034724700
   65.9.175.44                                          33034724700
   65.9.175.95        443                               32807452800
   65.9.175.95                                          32807452800
  65.9.175.125        443                               32308789800
  65.9.175.125                                          32308789800

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-03-01 15:57:27
End Time: ongoing

First Event Seen: 2026-03-01 15:55:00
Last Event Seen: 2026-03-01 15:56:00

Further Details:
https://primary.nemo.geant.org/alerts/details/408579/

More information about the Nemo-ddos-list mailing list