[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #247307 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Fri May 8 12:07:22 IDT 2026 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, May 8, 2026 12:07:13 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #247307 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]

Please find the analysis details for the Alert ID: 247307

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  92204700      307349        28.5%      159.60.33.33
  18816600       62722         5.8%   142.251.110.132
   8989800       29966         2.8%      159.60.33.37
   5312700       17709         1.6%     132.73.124.48
   5279700       17599         1.6%     132.73.124.72
   5017200       16724         1.6%    57.144.248.192
   4141800       13806         1.3%      132.73.124.8
   3843600       12812         1.2%     132.73.124.68
   3837600       12792         1.2%    157.240.253.63
   3711000       12370         1.1%    57.144.244.192

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  92204700      307349        28.5%    128.139.220.91
  23407800       78026         7.2%     95.100.170.58
  22332000       74440         6.9%     95.100.170.57
  18814500       62715         5.8%     132.66.193.31
  10143000       33810         3.1%   128.139.225.242
   9137700       30459         2.8%      192.114.5.10
   8989800       29966         2.8%    128.139.220.90
   6198900       20663         1.9%      132.76.61.51
   4429500       14765         1.4%    192.114.23.221
   4226700       14089         1.3%     128.139.200.4

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
     159.60.33.33                                           133157701500
     159.60.33.33                                           133157701500
     159.60.33.33                                           133157701500
                               128.139.220.91               133157701500
                               128.139.220.91               133157701500
                               128.139.220.91               133157701500
  142.251.110.132        443                                 23869178700
  142.251.110.132                                            23869178700
                         443    132.66.193.31                23866437000
                                132.66.193.31                23866437000

Metric Info:
1M Packets/s

Alert Type:
time_window

Alert Description:
High packet rate.

Start Time: 2026-05-08 09:06:51
End Time: ongoing

First Event Seen: 2026-05-08 09:04:00
Last Event Seen: 2026-05-08 09:05:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/247307/

More information about the Nemo-ddos-list mailing list