[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #344882 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Oct 14 01:21:33 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, October 14, 2024 1:21:28 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #344882 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 344882
Top-10 Src IPs by Packets:
Packets   Est. Rate  % of Total  Src IP
---------------------------------------------------
23186100  77287      29.0%       5.252.22.95
2115900   7053       2.6%        104.152.52.200
2115900   7053       2.6%        104.152.52.237
2115300   7051       2.6%        104.152.52.164
2105100   7017       2.6%        104.152.52.109
2102700   7009       2.6%        104.152.52.211
2092500   6975       2.6%        104.152.52.192
2088000   6960       2.6%        104.152.52.160
2082900   6943       2.6%        104.152.52.214
2080800   6936       2.6%        104.152.52.143
Top-10 Dst IPs by Packets:
Packets   Est. Rate  % of Total  Dst IP
--------------------------------------------------
145800    486        0.2%        132.76.61.54
104100    347        0.1%        132.70.244.9
56400     188        0.1%        132.74.98.32
55800     186        0.1%        132.68.218.68
55500     185        0.1%        132.74.98.8
54600     182        0.1%        132.74.98.121
53400     178        0.1%        132.68.218.95
53100     177        0.1%        132.74.98.77
52800     176        0.1%        132.68.218.152
52800     176        0.1%        132.74.98.143
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
------------------------------------------------------------------
5.252.22.95 1020188400
5.252.22.95 57055 256726800
5.252.22.95 57071 255525600
5.252.22.95 56792 254377200
5.252.22.95 56808 253558800
132.76.61.54 179797200
443 132.76.61.54 179725200
17.248.248.46 443 176868000
17.248.248.46 59129 176868000
17.248.248.46 176868000
Metric Info:
260k SYN Packets/s, 295k ACK Packets/s
Alert Type:
time_window
Alert Description:
Abnormal SYN:ACK packet ratio
Start Time: 2024-10-13 22:07:14
End Time: ongoing
First Event Seen: 2024-10-13 22:05:00
Last Event Seen: 2024-10-13 22:20:00
Further Details:
https://primary.nemo.geant.org/alerts/details/344882/