[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #342918 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Oct 8 17:07:42 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, October 8, 2024 5:07:35 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #342918 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 342918

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total            Src IP
-----------------------------------------------------
  116191800      387306        67.8%   109.205.213.154
   17557800       58526        10.2%    109.205.213.62
    7308300       24361         4.3%      94.156.35.50
    2460300        8201         1.4%      45.9.149.217
    2449200        8164         1.4%      45.9.149.216
    2373000        7910         1.4%    185.242.226.42
     995100        3317         0.6%   172.169.109.202
     816600        2722         0.5%     4.156.236.175
     660600        2202         0.4%   172.168.158.183
     642000        2140         0.4%        45.84.89.3

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   179700         599         0.1%   17.248.172.138
    98100         327         0.1%     132.76.61.54
    87300         291         0.1%    132.66.13.212
    70800         236         0.0%     132.76.61.53
    58800         196         0.0%    159.124.35.64
    52800         176         0.0%    104.22.49.147
    51300         171         0.0%   132.72.182.216
    43800         146         0.0%    132.71.160.97
    40500         135         0.0%   192.114.23.221
    36000         120         0.0%   132.73.247.204

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
  109.205.213.154                                     5112439200
  109.205.213.154      55343                          2379207600
  109.205.213.154      55327                          2373360000
   109.205.213.62      55280                           702312000
   109.205.213.62                                      702312000
     94.156.35.50                                      321565200
  109.205.213.154      55319                           168273600
  109.205.213.154      55303                           164947200
     94.156.35.50      55023                           160908000
     94.156.35.50      55007                           160657200

Metric Info:
817k SYN Packets/s, 827k ACK Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2024-10-08 13:52:11
End Time: ongoing

First Event Seen: 2024-10-08 13:50:00
Last Event Seen: 2024-10-08 14:06:00

Further Details:
https://primary.nemo.geant.org/alerts/details/342918/

