[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #408579 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Mar 1 18:01:45 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, March 1, 2026 6:01:38 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #408579 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 408579

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  39881100      132937        12.8%            65.9.175.17
  37692300      125641        12.1%            65.9.175.95
  37038900      123463        11.9%            65.9.175.44
  32533200      108444        10.5%           65.9.175.125
   5847900       19493         1.9%          128.139.10.50
   5264700       17549         1.7%   2001:bf8:900:d:2::71
   3063300       10211         1.0%           52.84.151.16
   2990400        9968         1.0%          13.107.136.10
   2941200        9804         0.9%          162.125.69.15
   2330100        7767         0.8%           52.84.151.30

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total                Dst IP
---------------------------------------------------------
  147167100      490557        47.4%          132.70.60.10
   10697100       35657         3.4%       128.139.225.242
    9025500       30085         2.9%         132.66.253.82
    5847900       19493         1.9%       193.189.127.180
    5767800       19226         1.9%         128.139.200.4
    5250900       17503         1.7%   2607:f8f0:660:4::12
    4615500       15385         1.5%         128.139.200.5
    4106100       13687         1.3%        192.114.23.221
    3621900       12073         1.2%         132.73.124.97
    3241200       10804         1.0%          192.114.2.38

Top-10 Possible Targets by Bytes:
        Src IP   Src Port         Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------
                      443   132.70.60.10               199996792800
                            132.70.60.10               199996792800
   65.9.175.17        443                               55210071300
   65.9.175.17                                          55210071300
   65.9.175.95        443                               50297460300
   65.9.175.95                                          50297460300
   65.9.175.44        443                               49514644800
   65.9.175.44                                          49514644800
  65.9.175.125        443                               44956199100
  65.9.175.125                                          44956199100

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-03-01 15:57:27
End Time: ongoing

First Event Seen: 2026-03-01 15:55:00
Last Event Seen: 2026-03-01 16:00:00

Further Details:
https://primary.nemo.geant.org/alerts/details/408579/

More information about the Nemo-ddos-list mailing list