[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #168465 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Fri Aug 23 16:35:17 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, August 23, 2024 4:35:08 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #168465 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 168465
Top-10 Src IPs by Packets:
Packets    Est. Rate   % of Total   Src IP
---------------------------------------------------
21715800   72386       54.2%        79.110.62.146
990900     3303        2.5%         52.183.224.109
963300     3211        2.4%         13.93.228.114
493200     1644        1.2%         95.214.27.14
439200     1464        1.1%         89.248.163.168
385800     1286        1.0%         45.33.110.79
379500     1265        0.9%         89.248.165.212
283800     946         0.7%         176.97.210.30
280800     936         0.7%         94.141.120.174
265200     884         0.7%         162.19.94.150
Top-10 Dst IPs by Packets:
Packets    Est. Rate   % of Total   Dst IP
---------------------------------------------------
64200      214         0.2%         128.139.225.245
47700      159         0.1%         132.76.61.54
43800      146         0.1%         132.76.61.53
41100      137         0.1%         192.114.1.187
36600      122         0.1%         104.22.49.147
30600      102         0.1%         132.65.240.60
22500      75          0.1%         132.66.251.11
20400      68          0.1%         192.114.105.254
18300      61          0.0%         128.139.35.5
16800      56          0.0%         132.64.17.195
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-----------------------------------------------------------------------
79.110.62.146 868632000
79.110.62.146 59446 790992000
79.110.62.146 59389 54924000
128.139.225.245 46051200
443 128.139.225.245 45945600
52.183.224.109 9042 39636000
52.183.224.109 39636000
13.93.228.114 8888 38520000
13.93.228.114 38520000
151.101.193.164 443 36120000
Metric Info:
192k SYN Packets/s, 339k ACK Packets/s
Alert Type:
time_window
Alert Description:
Abnormal ratio of SYN packets to ACK packets.
Start Time: 2024-08-23 13:27:29
End Time: ongoing
First Event Seen: 2024-08-23 13:25:00
Last Event Seen: 2024-08-23 13:33:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/168465/