[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #165682 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Aug 18 02:39:47 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, August 18, 2024 2:39:39 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #165682 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 165682

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  2107800        7026         6.9%   104.152.52.183
  2106300        7021         6.9%   104.152.52.139
  1293300        4311         4.2%   104.152.52.225
  1274400        4248         4.2%    64.23.192.227
  1061700        3539         3.5%   104.152.52.243
  1028700        3429         3.4%   104.152.52.202
  1027800        3426         3.4%   104.152.52.206
  1026900        3423         3.4%   104.152.52.210
   994500        3315         3.3%    20.118.68.128
   937500        3125         3.1%   104.152.52.194

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
    55200         184         0.2%    15.184.34.127
    41100         137         0.1%    104.22.48.147
    38700         129         0.1%     132.76.61.53
    38700         129         0.1%    128.139.200.5
    37800         126         0.1%   192.114.91.244
    35700         119         0.1%    132.65.240.60
    35100         117         0.1%     132.76.61.54
    29400          98         0.1%     128.139.7.33
    26100          87         0.1%    15.184.38.202
    25500          85         0.1%    192.114.1.187

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
  104.152.52.183      56995                                   84312000
  104.152.52.183                                              84312000
  104.152.52.139      57100                                   84252000
  104.152.52.139                                              84252000
                        443   128.139.200.5                   53068800
                              128.139.200.5                   53068800
  173.194.188.73        443                                   52996800
  173.194.188.73                                 59630        52996800
  104.152.52.225      57102                                   51732000
  104.152.52.225                                              51732000

Metric Info:
270k ACK Packets/s, 361k SYN Packets/s

Alert Type:
time_window

Alert Description:
Abnormal ratio of SYN packets to ACK packets.

Start Time: 2024-08-17 23:26:28
End Time: ongoing

First Event Seen: 2024-08-17 23:24:00
Last Event Seen: 2024-08-17 23:38:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/165682/

