[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #342917 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Oct 8 16:57:55 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, October 8, 2024 4:57:42 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #342917 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 342917
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
82175100 273917 60.2% 109.205.213.154
13238700 44129 9.7% 109.205.213.62
10846500 36155 7.9% 94.156.35.50
3933600 13112 2.9% 185.242.226.42
1859700 6199 1.4% 45.9.149.216
1820100 6067 1.3% 45.9.149.217
935100 3117 0.7% 172.169.109.202
655500 2185 0.5% 45.84.89.3
623400 2078 0.5% 45.84.89.2
605100 2017 0.4% 4.156.236.175
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------
150600 502 0.1% 132.66.13.212
99000 330 0.1% 132.76.61.54
69900 233 0.1% 132.76.61.53
56700 189 0.0% 104.22.49.147
55800 186 0.0% 159.124.35.64
51300 171 0.0% 132.72.182.216
45000 150 0.0% 132.73.247.90
44400 148 0.0% 132.73.247.1
44400 148 0.0% 132.73.247.222
44400 148 0.0% 132.73.247.117
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------
109.205.213.154 3615704400
109.205.213.154 55343 1629091200
109.205.213.154 55327 1626741600
109.205.213.62 55280 529548000
109.205.213.62 529548000
94.156.35.50 477246000
94.156.35.50 55007 238920000
94.156.35.50 55023 238326000
95.101.44.251 443 221631300
95.101.44.251 58348 221631300
Metric Info:
740k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2024-10-08 13:51:19
End Time: ongoing
First Event Seen: 2024-10-08 13:49:00
Last Event Seen: 2024-10-08 13:56:00
Further Details:
https://primary.nemo.geant.org/alerts/details/342917/