[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #168465 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Aug 23 17:06:47 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Friday, August 23, 2024 5:06:39 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #168465 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 168465

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  21715800       72386        54.2%    79.110.62.146
    990900        3303         2.5%   52.183.224.109
    963300        3211         2.4%    13.93.228.114
    493200        1644         1.2%     95.214.27.14
    439200        1464         1.1%   89.248.163.168
    385800        1286         1.0%     45.33.110.79
    379500        1265         0.9%   89.248.165.212
    283800         946         0.7%    176.97.210.30
    280800         936         0.7%   94.141.120.174
    265200         884         0.7%    162.19.94.150

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
    64200         214         0.2%   128.139.225.245
    47700         159         0.1%      132.76.61.54
    43800         146         0.1%      132.76.61.53
    41100         137         0.1%     192.114.1.187
    36600         122         0.1%     104.22.49.147
    30600         102         0.1%     132.65.240.60
    22500          75         0.1%     132.66.251.11
    20400          68         0.1%   192.114.105.254
    18300          61         0.0%      128.139.35.5
    16800          56         0.0%     132.64.17.195

Top-10 Possible Targets by Bytes:
           Src IP   Src Port            Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------------
    79.110.62.146                                               868632000
    79.110.62.146      59446                                    790992000
    79.110.62.146      59389                                     54924000
                               128.139.225.245                   46051200
                         443   128.139.225.245                   45945600
   52.183.224.109                                    9042        39636000
   52.183.224.109                                                39636000
    13.93.228.114                                    8888        38520000
    13.93.228.114                                                38520000
  151.101.193.164        443                                     36120000

Metric Info:
198k SYN Packets/s, 400k ACK Packets/s

Alert Type:
time_window

Alert Description:
Abnormal ratio of SYN packets to ACK packets.

Start Time: 2024-08-23 13:27:29
End Time: ongoing

First Event Seen: 2024-08-23 13:25:00
Last Event Seen: 2024-08-23 14:05:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/168465/

