[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #239238 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Mar 27 13:08:27 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, March 27, 2026 1:08:18 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #239238 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 239238

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  40759800      135866        16.5%   151.101.134.172
  14280900       47603         5.8%     23.32.238.193
  14023500       46745         5.7%     23.32.238.168
  11616900       38723         4.7%     152.42.211.40
   8410200       28034         3.4%       2.19.198.25
   7296000       24320         3.0%       2.19.198.33
   7074600       23582         2.9%     23.32.238.233
   3501600       11672         1.4%        45.205.1.3
   3146100       10487         1.3%     52.98.237.162
   2954700        9849         1.2%     162.159.198.2

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  15645300       52151         6.3%     132.73.124.48
  12629400       42098         5.1%    132.73.124.236
   9665100       32217         3.9%     132.73.124.32
   8018400       26728         3.3%    132.73.124.152
   7917900       26393         3.2%   128.139.225.242
   6711000       22370         2.7%     132.73.124.72
   6094500       20315         2.5%     132.73.124.68
   5736000       19120         2.3%    132.73.124.168
   4763400       15878         1.9%    132.73.124.172
   3961500       13205         1.6%    132.73.124.112

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  151.101.134.172                                            57910597500
  151.101.134.172        443                                 57771485100
                                132.73.124.48                23278521300
                         443    132.73.124.48                23268082500
    23.32.238.193                                            21325383600
    23.32.238.168        443                                 20984493900
    23.32.238.168                                            20984493900
    23.32.238.193        443                                 20979792300
                               132.73.124.236                18649574700
                         443   132.73.124.236                18649549500

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-03-27 10:07:56
End Time: ongoing

First Event Seen: 2026-03-27 10:05:00
Last Event Seen: 2026-03-27 10:06:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/239238/

More information about the Nemo-ddos-list mailing list