[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #342917 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Oct 8 17:06:39 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, October 8, 2024 5:06:31 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #342917 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 342917

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  82175100      273917        60.2%   109.205.213.154
  13238700       44129         9.7%    109.205.213.62
  10846500       36155         7.9%      94.156.35.50
   3933600       13112         2.9%    185.242.226.42
   1859700        6199         1.4%      45.9.149.216
   1820100        6067         1.3%      45.9.149.217
    935100        3117         0.7%   172.169.109.202
    655500        2185         0.5%        45.84.89.3
    623400        2078         0.5%        45.84.89.2
    605100        2017         0.4%     4.156.236.175

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   150600         502         0.1%    132.66.13.212
    99000         330         0.1%     132.76.61.54
    69900         233         0.1%     132.76.61.53
    56700         189         0.0%    104.22.49.147
    55800         186         0.0%    159.124.35.64
    51300         171         0.0%   132.72.182.216
    45000         150         0.0%    132.73.247.90
    44400         148         0.0%     132.73.247.1
    44400         148         0.0%   132.73.247.222
    44400         148         0.0%   132.73.247.117

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
  109.205.213.154                                     3615704400
  109.205.213.154      55343                          1629091200
  109.205.213.154      55327                          1626741600
   109.205.213.62      55280                           529548000
   109.205.213.62                                      529548000
     94.156.35.50                                      477246000
     94.156.35.50      55007                           238920000
     94.156.35.50      55023                           238326000
    95.101.44.251        443                           221631300
    95.101.44.251                          58348       221631300

Metric Info:
762k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2024-10-08 13:51:19
End Time: ongoing

First Event Seen: 2024-10-08 13:49:00
Last Event Seen: 2024-10-08 14:05:00

Further Details:
https://primary.nemo.geant.org/alerts/details/342917/

