[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #344882 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Oct 14 01:21:33 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, October 14, 2024 1:21:28 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #344882 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 344882

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  23186100       77287        29.0%      5.252.22.95
   2115900        7053         2.6%   104.152.52.200
   2115900        7053         2.6%   104.152.52.237
   2115300        7051         2.6%   104.152.52.164
   2105100        7017         2.6%   104.152.52.109
   2102700        7009         2.6%   104.152.52.211
   2092500        6975         2.6%   104.152.52.192
   2088000        6960         2.6%   104.152.52.160
   2082900        6943         2.6%   104.152.52.214
   2080800        6936         2.6%   104.152.52.143

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   145800         486         0.2%     132.76.61.54
   104100         347         0.1%     132.70.244.9
    56400         188         0.1%     132.74.98.32
    55800         186         0.1%    132.68.218.68
    55500         185         0.1%      132.74.98.8
    54600         182         0.1%    132.74.98.121
    53400         178         0.1%    132.68.218.95
    53100         177         0.1%     132.74.98.77
    52800         176         0.1%   132.68.218.152
    52800         176         0.1%    132.74.98.143

Top-10 Possible Targets by Bytes:
         Src IP   Src Port         Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
    5.252.22.95                                           1020188400
    5.252.22.95      57055                                 256726800
    5.252.22.95      57071                                 255525600
    5.252.22.95      56792                                 254377200
    5.252.22.95      56808                                 253558800
                             132.76.61.54                  179797200
                       443   132.76.61.54                  179725200
  17.248.248.46        443                                 176868000
  17.248.248.46                                59129       176868000
  17.248.248.46                                            176868000

Metric Info:
260k SYN Packets/s, 295k ACK Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2024-10-13 22:07:14
End Time: ongoing

First Event Seen: 2024-10-13 22:05:00
Last Event Seen: 2024-10-13 22:20:00

Further Details:
https://primary.nemo.geant.org/alerts/details/344882/

