[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #340542 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Oct 3 03:04:31 IDT 2024

________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, October 3, 2024 3:04:23 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #340542 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 340542

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  16624800       55416        38.7%     217.117.29.92
    999300        3331         2.3%     87.120.113.28
    998700        3329         2.3%      93.123.39.61
    964800        3216         2.2%    66.240.236.116
    750600        2502         1.7%    43.248.134.121
    693300        2311         1.6%      4.255.101.27
    659100        2197         1.5%   138.113.223.152
    650400        2168         1.5%   172.202.177.130
    644400        2148         1.5%        45.84.89.3
    603600        2012         1.4%        45.84.89.2

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
    82500         275         0.2%   132.75.124.209
    76500         255         0.2%   132.75.124.118
    75900         253         0.2%   132.75.124.163
    74400         248         0.2%    132.75.124.80
    73200         244         0.2%    132.75.124.82
    73200         244         0.2%    132.75.124.57
    72900         243         0.2%    132.75.124.78
    72600         242         0.2%    132.75.124.18
    72300         241         0.2%   132.75.124.244
    72300         241         0.2%    132.75.124.10

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
   217.117.29.92                                               731491200
   217.117.29.92      52303                                    365943600
   217.117.29.92      52319                                    365547600
   52.10.219.156        443                                     53138700
   52.10.219.156                                                53138700
                        443   128.139.225.245                   50418000
                              128.139.225.245                   50418000
  66.240.236.116                                     139        50169600
  66.240.236.116                                                50169600
  162.254.196.15        443                                     49500000

Metric Info:
264k ACK Packets/s, 326k SYN Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2024-10-02 23:42:18
End Time: ongoing

First Event Seen: 2024-10-02 23:40:00
Last Event Seen: 2024-10-03 00:03:00

Further Details:
https://primary.nemo.geant.org/alerts/details/340542/

