[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #410886 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Mar 20 11:45:37 IST 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, March 20, 2026 11:45:27 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #410886 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 410886

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total          Src IP
--------------------------------------------------
  27359400       91198         8.9%    54.192.35.39
  23331300       77771         7.6%    54.192.35.22
  22996200       76654         7.5%    54.192.35.42
  22575300       75251         7.3%   54.192.35.108
  13920900       46403         4.5%   152.42.211.40
  13512000       45040         4.4%     134.70.40.1
   8982600       29942         2.9%   3.167.227.112
   8306700       27689         2.7%    3.167.227.74
   7559400       25198         2.5%    3.167.227.13
   6315600       21052         2.1%    3.164.182.57

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  143074200      476914        46.5%     132.70.60.180
   13512000       45040         4.4%     132.76.220.37
    6317100       21057         2.1%     132.69.32.113
    5537700       18459         1.8%     132.74.74.134
    4885200       16284         1.6%   128.139.225.242
    3907500       13025         1.3%     128.139.200.4
    3880500       12935         1.3%     128.139.200.5
    3649500       12165         1.2%     128.139.221.5
    2191800        7306         0.7%      132.76.61.51
    2031300        6771         0.7%      132.76.61.54

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                       443   132.70.60.180               211499076900
                             132.70.60.180               211499076900
   54.192.35.39        443                                40431286500
   54.192.35.39                                           40431286500
   54.192.35.42        443                                33991812000
   54.192.35.42                                           33991812000
   54.192.35.22        443                                33724359900
   54.192.35.22                                           33724359900
  54.192.35.108        443                                33369006000
  54.192.35.108                                           33369006000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate

Start Time: 2026-03-20 08:20:35
End Time: ongoing

First Event Seen: 2026-03-20 08:17:00
Last Event Seen: 2026-03-20 08:19:00

Further Details:
https://primary.nemo.geant.org/alerts/details/410886/

More information about the Nemo-ddos-list mailing list