[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #176250 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Sep 11 06:41:43 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Wednesday, September 11, 2024 6:41:36 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #176250 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 176250

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  4175100       13917         6.7%    104.152.52.231
  2591400        8638         4.1%   176.113.115.132
  2523600        8412         4.0%   176.113.115.131
  2448000        8160         3.9%   176.113.115.130
  2445900        8153         3.9%   176.113.115.129
  2140800        7136         3.4%    104.152.52.204
  2126400        7088         3.4%    104.152.52.181
  2111100        7037         3.4%    104.152.52.208
  2109300        7031         3.4%    104.152.52.103
  2093400        6978         3.3%    104.152.52.200

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   259800         866         0.4%    132.64.188.20
    42600         142         0.1%     132.76.61.54
    40500         135         0.1%       132.72.6.1
    38400         128         0.1%     132.76.61.53
    34800         116         0.1%    132.65.240.60
    25500          85         0.0%   192.114.16.100
    20100          67         0.0%    192.114.1.187
    18900          63         0.0%    104.22.48.147
    14700          49         0.0%   132.64.215.174
    13500          45         0.0%   192.114.23.221

Top-10 Possible Targets by Bytes:
           Src IP   Src Port          Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  199.232.214.172         80                                  369593400
  199.232.214.172                                             369593400
  199.232.214.172                                 60691       360727200
                          80   132.64.188.20                  360727200
                               132.64.188.20      60691       360727200
                               132.64.188.20                  360727200
   104.152.52.231                                             167004000
  176.113.115.132      55241                                  103656000
  176.113.115.132                                             103656000
  176.113.115.131      55175                                  100944000

Metric Info:
240k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate.

Start Time: 2024-09-11 03:31:34
End Time: ongoing

First Event Seen: 2024-09-11 03:29:00
Last Event Seen: 2024-09-11 03:40:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/176250/

