[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #238594 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Mar 21 23:55:14 IST 2026

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, March 21, 2026 11:55:04 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #238594 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 238594

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  12499500       41665         5.8%    152.42.211.40
   8485200       28284         4.0%   142.251.209.59
   6348300       21161         3.0%    57.150.87.129
   3544200       11814         1.7%   52.217.198.233
   2615400        8718         1.2%    93.123.17.252
   2368200        7894         1.1%       45.205.1.3
   1995600        6652         0.9%   57.144.248.192
   1871100        6237         0.9%   157.240.253.63
   1838100        6127         0.9%    54.224.250.82
   1814100        6047         0.8%    34.203.224.37

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  9261600       30872         4.3%   128.139.225.242
  8484000       28280         4.0%     132.68.39.202
  6348300       21161         3.0%     132.66.43.189
  3544500       11815         1.7%     132.66.114.24
  3480000       11600         1.6%     128.139.200.5
  2270700        7569         1.1%     128.139.200.4
  2101200        7004         1.0%     192.114.3.241
  1863300        6211         0.9%      132.76.61.54
  1750200        5834         0.8%    192.114.23.221
  1571400        5238         0.7%    192.114.91.245

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                              128.139.225.242                12068057100
  142.251.209.59                                             12050171400
  142.251.209.59         80                                  12049728900
                         80     132.68.39.202                12049728900
                                132.68.39.202                12049728900
  142.251.209.59                                   54390     10946631000
                                132.68.39.202      54390     10946631000
                        443   128.139.225.242                 9616613400
   57.150.87.129        443                                   9509142900
   57.150.87.129                                              9509142900

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-03-21 21:54:54
End Time: ongoing

First Event Seen: 2026-03-21 21:52:00
Last Event Seen: 2026-03-21 21:53:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/238594/