[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #165682 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Aug 18 02:39:47 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, August 18, 2024 2:39:39 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #165682 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 165682
Top-10 Src IPs by Packets:
Packets    Est. Rate  % of Total  Src IP
--------------------------------------------------
2107800    7026       6.9%        104.152.52.183
2106300    7021       6.9%        104.152.52.139
1293300    4311       4.2%        104.152.52.225
1274400    4248       4.2%        64.23.192.227
1061700    3539       3.5%        104.152.52.243
1028700    3429       3.4%        104.152.52.202
1027800    3426       3.4%        104.152.52.206
1026900    3423       3.4%        104.152.52.210
994500     3315       3.3%        20.118.68.128
937500     3125       3.1%        104.152.52.194
Top-10 Dst IPs by Packets:
Packets    Est. Rate  % of Total  Dst IP
--------------------------------------------------
55200      184        0.2%        15.184.34.127
41100      137        0.1%        104.22.48.147
38700      129        0.1%        132.76.61.53
38700      129        0.1%        128.139.200.5
37800      126        0.1%        192.114.91.244
35700      119        0.1%        132.65.240.60
35100      117        0.1%        132.76.61.54
29400      98         0.1%        128.139.7.33
26100      87         0.1%        15.184.38.202
25500      85         0.1%        192.114.1.187
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
104.152.52.183 56995 84312000
104.152.52.183 84312000
104.152.52.139 57100 84252000
104.152.52.139 84252000
443 128.139.200.5 53068800
128.139.200.5 53068800
173.194.188.73 443 52996800
173.194.188.73 59630 52996800
104.152.52.225 57102 51732000
104.152.52.225 51732000
Metric Info:
270k ACK Packets/s, 361k SYN Packets/s
Alert Type:
time_window
Alert Description:
Abnormal ratio of SYN packets to ACK packets.
Start Time: 2024-08-17 23:26:28
End Time: ongoing
First Event Seen: 2024-08-17 23:24:00
Last Event Seen: 2024-08-17 23:38:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/165682/