[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #333309 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Sep 16 17:46:50 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 16, 2024 5:46:42 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #333309 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 333309
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
--------------------------------------------------
2115900 7053 5.2% 104.152.52.128
2109900 7033 5.2% 104.152.52.234
2103900 7013 5.2% 104.152.52.105
2098800 6996 5.1% 104.152.52.211
2090700 6969 5.1% 104.152.52.188
2079900 6933 5.1% 104.152.52.144
2078100 6927 5.1% 104.152.52.121
2068800 6896 5.1% 104.152.52.120
1429800 4766 3.5% 104.152.52.237
1040400 3468 2.6% 104.152.52.230
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
69600 232 0.2% 132.76.61.53
69000 230 0.2% 192.114.105.254
64800 216 0.2% 132.76.61.54
58500 195 0.1% 15.185.243.212
39600 132 0.1% 192.114.23.221
38400 128 0.1% 192.114.5.10
31200 104 0.1% 192.114.91.245
30000 100 0.1% 15.185.243.11
25200 84 0.1% 132.65.240.60
24000 80 0.1% 128.139.225.245
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
104.152.52.128 56890 84636000
104.152.52.128 84636000
104.152.52.234 56951 84396000
104.152.52.234 84396000
104.152.52.105 56896 84156000
104.152.52.105 84156000
104.152.52.211 56868 83952000
104.152.52.211 83952000
104.152.52.188 56890 83628000
104.152.52.188 83628000
Metric Info:
241k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2024-09-16 14:31:14
End Time: ongoing
First Event Seen: 2024-09-16 14:29:00
Last Event Seen: 2024-09-16 14:45:00
Further Details:
https://primary.nemo.geant.org/alerts/details/333309/
More information about the Nemo-ddos-list
mailing list