[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #340542 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Thu Oct 3 03:04:31 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, October 3, 2024 3:04:23 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #340542 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 340542
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
----------------------------------------------------
16624800    55416       38.7%        217.117.29.92
999300      3331        2.3%         87.120.113.28
998700      3329        2.3%         93.123.39.61
964800      3216        2.2%         66.240.236.116
750600      2502        1.7%         43.248.134.121
693300      2311        1.6%         4.255.101.27
659100      2197        1.5%         138.113.223.152
650400      2168        1.5%         172.202.177.130
644400      2148        1.5%         45.84.89.3
603600      2012        1.4%         45.84.89.2
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
--------------------------------------------------
82500       275         0.2%         132.75.124.209
76500       255         0.2%         132.75.124.118
75900       253         0.2%         132.75.124.163
74400       248         0.2%         132.75.124.80
73200       244         0.2%         132.75.124.82
73200       244         0.2%         132.75.124.57
72900       243         0.2%         132.75.124.78
72600       242         0.2%         132.75.124.18
72300       241         0.2%         132.75.124.244
72300       241         0.2%         132.75.124.10
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------------
217.117.29.92 731491200
217.117.29.92 52303 365943600
217.117.29.92 52319 365547600
52.10.219.156 443 53138700
52.10.219.156 53138700
443 128.139.225.245 50418000
128.139.225.245 50418000
66.240.236.116 139 50169600
66.240.236.116 50169600
162.254.196.15 443 49500000
Metric Info:
264k ACK Packets/s, 326k SYN Packets/s
Alert Type:
time_window
Alert Description:
Abnormal SYN:ACK packet ratio
Start Time: 2024-10-02 23:42:18
End Time: ongoing
First Event Seen: 2024-10-02 23:40:00
Last Event Seen: 2024-10-03 00:03:00
Further Details:
https://primary.nemo.geant.org/alerts/details/340542/