[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #239573 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Mar 30 07:46:02 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, March 30, 2026 7:45:56 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #239573 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 239573

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  21892500       72975        10.4%      23.32.238.96
  13911600       46372         6.6%    146.75.122.172
  11884200       39614         5.6%       2.19.198.48
   9838800       32796         4.7%       23.48.23.56
   8459400       28198         4.0%   142.251.141.251
   6927600       23092         3.3%     23.32.238.107
   6166200       20554         2.9%      23.48.23.148
   5126700       17089         2.4%     13.107.136.10
   5035200       16784         2.4%      23.48.23.139
   4269000       14230         2.0%       23.48.23.31

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
  8459400       28198         4.0%    132.76.220.37
  5793300       19311         2.7%    132.74.74.134
  5369700       17899         2.5%   132.71.124.123
  5206800       17356         2.5%   132.71.124.144
  4229700       14099         2.0%   132.71.124.139
  4094100       13647         1.9%   132.71.124.127
  4006200       13354         1.9%   132.71.124.117
  3541500       11805         1.7%    192.114.3.241
  3325500       11085         1.6%   132.71.124.140
  3318300       11061         1.6%    132.71.124.45

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
     23.32.238.96        443                         32529727500
     23.32.238.96                                    32529727500
   146.75.122.172                                    19051117500
      2.19.198.48        443                         17792762400
      2.19.198.48                                    17792762400
   146.75.122.172        443                         17535653100
      23.48.23.56                                    14609154900
      23.48.23.56        443                         14600621700
  142.251.141.251        443                         12001838700
  142.251.141.251                                    12001838700

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-03-30 04:45:48
End Time: ongoing

First Event Seen: 2026-03-30 04:43:00
Last Event Seen: 2026-03-30 04:44:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/239573/

More information about the Nemo-ddos-list mailing list