[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #333309 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Sep 16 17:46:50 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 16, 2024 5:46:42 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #333309 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 333309

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  2115900        7053         5.2%   104.152.52.128
  2109900        7033         5.2%   104.152.52.234
  2103900        7013         5.2%   104.152.52.105
  2098800        6996         5.1%   104.152.52.211
  2090700        6969         5.1%   104.152.52.188
  2079900        6933         5.1%   104.152.52.144
  2078100        6927         5.1%   104.152.52.121
  2068800        6896         5.1%   104.152.52.120
  1429800        4766         3.5%   104.152.52.237
  1040400        3468         2.6%   104.152.52.230

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
    69600         232         0.2%      132.76.61.53
    69000         230         0.2%   192.114.105.254
    64800         216         0.2%      132.76.61.54
    58500         195         0.1%    15.185.243.212
    39600         132         0.1%    192.114.23.221
    38400         128         0.1%      192.114.5.10
    31200         104         0.1%    192.114.91.245
    30000         100         0.1%     15.185.243.11
    25200          84         0.1%     132.65.240.60
    24000          80         0.1%   128.139.225.245

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
  104.152.52.128      56890                            84636000
  104.152.52.128                                       84636000
  104.152.52.234      56951                            84396000
  104.152.52.234                                       84396000
  104.152.52.105      56896                            84156000
  104.152.52.105                                       84156000
  104.152.52.211      56868                            83952000
  104.152.52.211                                       83952000
  104.152.52.188      56890                            83628000
  104.152.52.188                                       83628000

Metric Info:
241k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2024-09-16 14:31:14
End Time: ongoing

First Event Seen: 2024-09-16 14:29:00
Last Event Seen: 2024-09-16 14:45:00

Further Details:
https://primary.nemo.geant.org/alerts/details/333309/

