[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #342918 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Oct 8 17:07:42 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, October 8, 2024 5:07:35 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #342918 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 342918
Top-10 Src IPs by Packets:
Packets      Est. Rate   % of Total   Src IP
-----------------------------------------------------
116191800    387306      67.8%        109.205.213.154
17557800     58526       10.2%        109.205.213.62
7308300      24361       4.3%         94.156.35.50
2460300      8201        1.4%         45.9.149.217
2449200      8164        1.4%         45.9.149.216
2373000      7910        1.4%         185.242.226.42
995100       3317        0.6%         172.169.109.202
816600       2722        0.5%         4.156.236.175
660600       2202        0.4%         172.168.158.183
642000       2140        0.4%         45.84.89.3
Top-10 Dst IPs by Packets:
Packets      Est. Rate   % of Total   Dst IP
--------------------------------------------------
179700       599         0.1%         17.248.172.138
98100        327         0.1%         132.76.61.54
87300        291         0.1%         132.66.13.212
70800        236         0.0%         132.76.61.53
58800        196         0.0%         159.124.35.64
52800        176         0.0%         104.22.49.147
51300        171         0.0%         132.72.182.216
43800        146         0.0%         132.71.160.97
40500        135         0.0%         192.114.23.221
36000        120         0.0%         132.73.247.204
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------
109.205.213.154 5112439200
109.205.213.154 55343 2379207600
109.205.213.154 55327 2373360000
109.205.213.62 55280 702312000
109.205.213.62 702312000
94.156.35.50 321565200
109.205.213.154 55319 168273600
109.205.213.154 55303 164947200
94.156.35.50 55023 160908000
94.156.35.50 55007 160657200
Metric Info:
817k SYN Packets/s, 827k ACK Packets/s
Alert Type:
time_window
Alert Description:
Abnormal SYN:ACK packet ratio
Start Time: 2024-10-08 13:52:11
End Time: ongoing
First Event Seen: 2024-10-08 13:50:00
Last Event Seen: 2024-10-08 14:06:00
Further Details:
https://primary.nemo.geant.org/alerts/details/342918/