[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #340044 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Oct 2 02:00:34 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, October 2, 2024 2:00:21 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #340044 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 340044

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  10891800       36306        27.6%    109.199.116.73
   6389100       21297        16.2%    207.180.193.83
    987000        3290         2.5%    172.169.108.67
    780000        2600         2.0%   138.113.223.152
    649200        2164         1.6%        45.84.89.2
    637800        2126         1.6%        45.84.89.3
    447900        1493         1.1%      160.25.72.24
    436500        1455         1.1%    172.206.146.94
    418800        1396         1.1%    89.248.165.212
    412800        1376         1.0%    89.248.163.168

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
    54000         180         0.1%     104.22.49.147
    40200         134         0.1%      132.76.61.54
    39000         130         0.1%      132.76.61.53
    37800         126         0.1%     132.65.240.60
    32700         109         0.1%   128.139.225.245
    29100          97         0.1%     132.71.160.97
    27900          93         0.1%     15.184.16.156
    22200          74         0.1%     192.114.1.187
    20100          67         0.1%    132.72.152.123
    18000          60         0.0%      128.139.35.5

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
  109.199.116.73      42753                                    435672000
  109.199.116.73                                               435672000
  207.180.193.83      42711                                    255564000
  207.180.193.83                                               255564000
  172.169.108.67                                     808        39480000
  172.169.108.67                                                39480000
                              128.139.225.245                   35905800
                        443   128.139.225.245                   35890200
   23.246.50.168        443                                     35351400
   23.246.50.168                                   55977        35351400

Metric Info:
182k SYN Packets/s, 278k ACK Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2024-10-01 22:48:19
End Time: ongoing

First Event Seen: 2024-10-01 22:46:00
Last Event Seen: 2024-10-01 22:59:00

Further Details:
https://primary.nemo.geant.org/alerts/details/340044/

