[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #248663 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon May 18 11:39:35 IDT 2026
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, May 18, 2026 11:39:26 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #248663 WARN: IUCC (AS378) - [Email_Analysis] [IUCC] [Customer]
Please find the analysis details for the Alert ID: 248663
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
--------------------------------------------------
3361200 11204 4.8% 52.98.237.162
2078100 6927 3.0% 13.107.138.10
1746900 5823 2.5% 57.144.248.192
1711500 5705 2.5% 93.123.17.252
1510500 5035 2.2% 13.107.136.10
1292400 4308 1.9% 172.217.23.65
1021200 3404 1.5% 40.99.217.50
904500 3015 1.3% 52.98.237.146
891900 2973 1.3% 57.144.244.192
885000 2950 1.3% 172.217.23.74
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
2760900 9203 4.0% 192.114.2.35
2253900 7513 3.3% 132.76.61.52
2135700 7119 3.1% 128.139.200.4
1998600 6662 2.9% 192.114.105.254
1967700 6559 2.8% 132.76.61.53
1556100 5187 2.2% 128.139.200.5
1455900 4853 2.1% 132.68.80.70
1414800 4716 2.0% 192.114.91.244
1350300 4501 1.9% 132.76.10.42
1327500 4425 1.9% 192.114.3.241
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------------
443 128.139.200.4 2924226000
128.139.200.4 2924226000
93.123.17.252 80 2446665300
93.123.17.252 2446665300
57.144.248.192 443 2323654800
57.144.248.192 2323654800
443 128.139.200.5 2083451100
128.139.200.5 2083451100
132.76.61.53 1958716200
192.114.105.254 1731391200
Metric Info:
1M ACK Packets/s
Alert Type:
time_window
Alert Description:
High ACK packet rate.
Start Time: 2026-05-18 08:33:52
End Time: ongoing
First Event Seen: 2026-05-18 08:31:00
Last Event Seen: 2026-05-18 08:36:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/248663/
More information about the Nemo-ddos-list
mailing list