[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #163347 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Aug 12 16:35:45 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, August 12, 2024 4:35:38 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #163347 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 163347

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  2589600        8632         5.5%   104.152.52.238
  2124300        7081         4.5%   104.152.52.164
  2109600        7032         4.5%   104.152.52.220
  2103300        7011         4.5%   104.152.52.102
  2103000        7010         4.5%   104.152.52.131
  2100000        7000         4.5%   104.152.52.128
  2096400        6988         4.5%   104.152.52.208
  2083500        6945         4.5%   104.152.52.135
  1983000        6610         4.2%   104.152.52.242
  1340100        4467         2.9%   104.152.52.240

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   458100        1527         1.0%     172.217.22.67
   128400         428         0.3%   192.114.105.254
    98100         327         0.2%      132.76.61.53
    86100         287         0.2%      132.76.61.54
    61500         205         0.1%     132.71.160.97
    59400         198         0.1%    132.75.245.206
    58800         196         0.1%     104.22.48.147
    58200         194         0.1%     128.139.200.5
    44400         148         0.1%   128.139.225.245
    43200         144         0.1%     15.184.16.189

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
   128.139.200.5                                   443       637995000
   128.139.200.5                                             637995000
   128.139.200.5      34242                                  637652400
                      34242   172.217.22.67                  637652400
                              172.217.22.67        443       637652400
                              172.217.22.67                  637652400
   132.66.102.46                                   443       193852200
   132.66.102.46                                             193852200
  104.152.52.238                                             103584000
  104.152.52.164      49241                                   84972000

Metric Info:
268k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate.

Start Time: 2024-08-12 13:29:35
End Time: ongoing

First Event Seen: 2024-08-12 13:27:00
Last Event Seen: 2024-08-12 13:34:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/163347/

