[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #163347 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Aug 12 16:35:45 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, August 12, 2024 4:35:38 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #163347 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 163347
Top-10 Src IPs by Packets:
Packets   Est. Rate   % of Total   Src IP
--------------------------------------------------
2589600   8632        5.5%         104.152.52.238
2124300   7081        4.5%         104.152.52.164
2109600   7032        4.5%         104.152.52.220
2103300   7011        4.5%         104.152.52.102
2103000   7010        4.5%         104.152.52.131
2100000   7000        4.5%         104.152.52.128
2096400   6988        4.5%         104.152.52.208
2083500   6945        4.5%         104.152.52.135
1983000   6610        4.2%         104.152.52.242
1340100   4467        2.9%         104.152.52.240
Top-10 Dst IPs by Packets:
Packets   Est. Rate   % of Total   Dst IP
---------------------------------------------------
458100    1527        1.0%         172.217.22.67
128400    428         0.3%         192.114.105.254
98100     327         0.2%         132.76.61.53
86100     287         0.2%         132.76.61.54
61500     205         0.1%         132.71.160.97
59400     198         0.1%         132.75.245.206
58800     196         0.1%         104.22.48.147
58200     194         0.1%         128.139.200.5
44400     148         0.1%         128.139.225.245
43200     144         0.1%         15.184.16.189
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
128.139.200.5 443 637995000
128.139.200.5 637995000
128.139.200.5 34242 637652400
34242 172.217.22.67 637652400
172.217.22.67 443 637652400
172.217.22.67 637652400
132.66.102.46 443 193852200
132.66.102.46 193852200
104.152.52.238 103584000
104.152.52.164 49241 84972000
Metric Info:
268k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate.
Start Time: 2024-08-12 13:29:35
End Time: ongoing
First Event Seen: 2024-08-12 13:27:00
Last Event Seen: 2024-08-12 13:34:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/163347/