[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #340044 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Oct 2 02:46:36 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, October 2, 2024 2:46:27 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #340044 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 340044
Top-10 Src IPs by Packets:
Packets   Est. Rate  % of Total  Src IP
----------------------------------------------------
10891800  36306      27.6%       109.199.116.73
6389100   21297      16.2%       207.180.193.83
987000    3290       2.5%        172.169.108.67
780000    2600       2.0%        138.113.223.152
649200    2164       1.6%        45.84.89.2
637800    2126       1.6%        45.84.89.3
447900    1493       1.1%        160.25.72.24
436500    1455       1.1%        172.206.146.94
418800    1396       1.1%        89.248.165.212
412800    1376       1.0%        89.248.163.168
Top-10 Dst IPs by Packets:
Packets   Est. Rate  % of Total  Dst IP
---------------------------------------------------
54000     180        0.1%        104.22.49.147
40200     134        0.1%        132.76.61.54
39000     130        0.1%        132.76.61.53
37800     126        0.1%        132.65.240.60
32700     109        0.1%        128.139.225.245
29100     97         0.1%        132.71.160.97
27900     93         0.1%        15.184.16.156
22200     74         0.1%        192.114.1.187
20100     67         0.1%        132.72.152.123
18000     60         0.0%        128.139.35.5
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------------
109.199.116.73 42753 435672000
109.199.116.73 435672000
207.180.193.83 42711 255564000
207.180.193.83 255564000
172.169.108.67 808 39480000
172.169.108.67 39480000
128.139.225.245 35905800
443 128.139.225.245 35890200
23.246.50.168 443 35351400
23.246.50.168 55977 35351400
Metric Info:
276k ACK Packets/s, 284k SYN Packets/s
Alert Type:
time_window
Alert Description:
Abnormal SYN:ACK packet ratio
Start Time: 2024-10-01 22:48:19
End Time: ongoing
First Event Seen: 2024-10-01 22:46:00
Last Event Seen: 2024-10-01 23:45:00
Further Details:
https://primary.nemo.geant.org/alerts/details/340044/