[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #176250 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Sep 11 06:41:43 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, September 11, 2024 6:41:36 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #176250 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 176250
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
4175100 13917 6.7% 104.152.52.231
2591400 8638 4.1% 176.113.115.132
2523600 8412 4.0% 176.113.115.131
2448000 8160 3.9% 176.113.115.130
2445900 8153 3.9% 176.113.115.129
2140800 7136 3.4% 104.152.52.204
2126400 7088 3.4% 104.152.52.181
2111100 7037 3.4% 104.152.52.208
2109300 7031 3.4% 104.152.52.103
2093400 6978 3.3% 104.152.52.200
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------
259800 866 0.4% 132.64.188.20
42600 142 0.1% 132.76.61.54
40500 135 0.1% 132.72.6.1
38400 128 0.1% 132.76.61.53
34800 116 0.1% 132.65.240.60
25500 85 0.0% 192.114.16.100
20100 67 0.0% 192.114.1.187
18900 63 0.0% 104.22.48.147
14700 49 0.0% 132.64.215.174
13500 45 0.0% 192.114.23.221
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------
199.232.214.172 80 369593400
199.232.214.172 369593400
199.232.214.172 60691 360727200
80 132.64.188.20 360727200
132.64.188.20 60691 360727200
132.64.188.20 360727200
104.152.52.231 167004000
176.113.115.132 55241 103656000
176.113.115.132 103656000
176.113.115.131 55175 100944000
Metric Info:
240k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate.
Start Time: 2024-09-11 03:31:34
End Time: ongoing
First Event Seen: 2024-09-11 03:29:00
Last Event Seen: 2024-09-11 03:40:00
Further Details:
https://secondary.nemo.geant.org/alerts/details/176250/
More information about the Nemo-ddos-list
mailing list