[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #408917 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 4 17:34:05 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, March 4, 2026 5:33:59 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #408917 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 408917

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  49871100      166237        13.9%      84.53.132.80
  40544400      135148        11.3%      84.53.132.17
  19652700       65509         5.5%    23.206.251.123
  17208600       57362         4.8%    23.206.251.115
  16915200       56384         4.7%     172.217.23.65
  15520500       51735         4.3%   162.159.140.167
  10960500       36535         3.1%    192.178.202.95
   7958400       26528         2.2%   151.101.122.172
   5616600       18722         1.6%      2.22.208.103
   4392900       14643         1.2%     162.125.66.14

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  24393900       81313         6.8%     132.73.124.48
  20091600       66972         5.6%     132.64.196.57
  12713700       42379         3.5%    132.73.124.168
  12278400       40928         3.4%     132.73.124.72
  12106800       40356         3.4%     128.139.221.5
  11577000       38590         3.2%      132.73.124.8
  11469000       38230         3.2%     132.70.60.180
  10107000       33690         2.8%    132.73.124.196
   9689400       32298         2.7%   128.139.225.242
   9256800       30856         2.6%     132.73.124.32

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
    84.53.132.80        443                                74699950500
    84.53.132.80                                           74699950500
    84.53.132.17        443                                60661382100
    84.53.132.17                                           60661382100
                        443   132.73.124.48                34407777600
                              132.73.124.48                34407777600
  23.206.251.123        443                                29420108400
  23.206.251.123                                           29420108400
                        443   132.64.196.57                26896264500
                              132.64.196.57                26896264500

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-03-04 15:29:39
End Time: ongoing

First Event Seen: 2026-03-04 15:27:00
Last Event Seen: 2026-03-04 15:32:00

Further Details:
https://primary.nemo.geant.org/alerts/details/408917/

More information about the Nemo-ddos-list mailing list