[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #239418 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Mar 28 22:12:19 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, March 28, 2026 10:12:05 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #239418 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 239418

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  41648100      138827        15.8%      18.161.97.21
  19377900       64593         7.3%      18.161.97.31
  18849300       62831         7.1%     18.161.97.115
  15433200       51444         5.8%      18.161.97.64
  13485300       44951         5.1%     152.42.211.40
   8869500       29565         3.4%      94.139.32.39
   7040700       23469         2.7%      132.68.38.55
   6733200       22444         2.5%   172.217.169.251
   6267600       20892         2.4%      132.68.38.70
   5712000       19040         2.2%   151.101.122.172

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  50314500      167715        19.1%      132.68.38.55
  44997600      149992        17.0%      132.68.38.70
  13996800       46656         5.3%     128.139.17.42
   8800800       29336         3.3%   128.139.225.242
   7110900       23703         2.7%     132.73.124.88
   5681700       18939         2.2%      18.161.97.21
   5099700       16999         1.9%     132.74.74.134
   4227900       14093         1.6%     128.139.200.4
   4151100       13837         1.6%     128.139.200.5
   2686800        8956         1.0%      18.161.97.31

Top-10 Possible Targets by Bytes:
         Src IP   Src Port         Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
                       443   132.68.38.55                74409774300
                             132.68.38.55                74409774300
                       443   132.68.38.70                66509174400
                             132.68.38.70                66509174400
   18.161.97.21        443                               61592253600
   18.161.97.21                                          61592253600
   18.161.97.31        443                               28653118200
   18.161.97.31                                          28653118200
  18.161.97.115        443                               27860824200
  18.161.97.115                                          27860824200

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-03-28 19:11:53
End Time: ongoing

First Event Seen: 2026-03-28 19:09:00
Last Event Seen: 2026-03-28 19:10:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/239418/

More information about the Nemo-ddos-list mailing list