[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #408603 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Mar 1 22:20:46 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, March 1, 2026 10:20:37 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #408603 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 408603

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  22506000       75020        10.8%     18.161.97.31
  17514000       58380         8.4%     18.161.97.21
  16390800       54636         7.9%    18.161.97.115
   9043200       30144         4.3%     18.161.97.64
   8352300       27841         4.0%     132.69.32.62
   6235500       20785         3.0%    162.125.69.12
   4302000       14340         2.1%   173.222.107.89
   3005100       10017         1.4%   173.222.107.80
   2996700        9989         1.4%    62.80.235.213
   2658600        8862         1.3%   199.232.34.172

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  65453700      218179        31.5%      132.69.32.62
  10927800       36426         5.3%   128.139.225.242
   5410200       18034         2.6%    132.71.139.159
   5256000       17520         2.5%     132.66.253.82
   4231800       14106         2.0%     128.139.200.5
   4152300       13841         2.0%     128.139.200.4
   3321300       11071         1.6%     192.114.52.13
   3216900       10723         1.5%    192.114.23.221
   3202200       10674         1.5%      192.114.2.38
   2878500        9595         1.4%      18.161.97.31

Top-10 Possible Targets by Bytes:
         Src IP   Src Port         Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                       443   132.69.32.62                96779008500
                             132.69.32.62                96779008500
   18.161.97.31        443                               33275040600
   18.161.97.31                                          33275040600
   18.161.97.21        443                               25894993500
   18.161.97.21                                          25894993500
  18.161.97.115        443                               24238443000
  18.161.97.115                                          24238443000
   18.161.97.64        443                               13371252300
   18.161.97.64                                          13371252300

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-03-01 20:20:28
End Time: ongoing

First Event Seen: 2026-03-01 20:18:00
Last Event Seen: 2026-03-01 20:19:00

Further Details:
https://primary.nemo.geant.org/alerts/details/408603/

More information about the Nemo-ddos-list mailing list