[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #408917 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 4 17:38:27 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, March 4, 2026 5:29:54 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #408917 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 408917

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  31541700      105139        11.3%      84.53.132.80
  25207800       84026         9.0%      84.53.132.17
  18696000       62320         6.7%    23.206.251.123
  15989700       53299         5.7%    23.206.251.115
  15205800       50686         5.4%     172.217.23.65
  13034400       43448         4.7%   162.159.140.167
   8783700       29279         3.1%    192.178.202.95
   7522200       25074         2.7%   151.101.122.172
   4606800       15356         1.6%      2.22.208.103
   3908100       13027         1.4%     162.125.66.14

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  18018600       60062         6.4%     132.73.124.48
  16219200       54064         5.8%     132.64.196.57
  10125900       33753         3.6%     128.139.221.5
  10038300       33461         3.6%     132.70.60.180
   8918700       29729         3.2%     132.73.124.72
   8228100       27427         2.9%      132.73.124.8
   8081100       26937         2.9%    132.73.124.168
   7997100       26657         2.9%   128.139.225.242
   6944400       23148         2.5%    132.73.124.196
   6417900       21393         2.3%     132.68.161.76

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
    84.53.132.80        443                                47257977000
    84.53.132.80                                           47257977000
    84.53.132.17        443                                37719087300
    84.53.132.17                                           37719087300
  23.206.251.123        443                                27988419900
  23.206.251.123                                           27988419900
                        443   132.73.124.48                25379445000
                              132.73.124.48                25379445000
  23.206.251.115                                           23937357300
  23.206.251.115        443                                23932812900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-03-04 15:29:39
End Time: ongoing

First Event Seen: 2026-03-04 15:27:00
Last Event Seen: 2026-03-04 15:28:00

Further Details:
https://primary.nemo.geant.org/alerts/details/408917/

More information about the Nemo-ddos-list mailing list