[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #333877 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Sep 17 16:39:04 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, September 17, 2024 4:38:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #333877 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 333877

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  10677000       35590        14.5%    198.144.158.76
   5642700       18809         7.6%   198.144.159.105
   5059800       16866         6.9%   199.167.138.161
   4673700       15579         6.3%    208.87.243.167
   4101300       13671         5.6%      45.9.149.155
   4091400       13638         5.5%     208.87.243.59
   3839400       12798         5.2%     108.181.2.183
   3564900       11883         4.8%     108.181.3.205
   3301200       11004         4.5%    208.87.243.169
   2956500        9855         4.0%     108.181.24.17

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   105900         353         0.1%    192.114.23.223
   104700         349         0.1%      132.76.61.54
    96600         322         0.1%      132.76.61.53
    81600         272         0.1%        132.74.3.2
    71700         239         0.1%   192.114.105.254
    32100         107         0.0%      192.114.5.10
    29700          99         0.0%    192.114.23.232
    25800          86         0.0%     132.65.240.60
    25500          85         0.0%     150.140.37.10
    24900          83         0.0%     132.64.244.79

Top-10 Possible Targets by Bytes:
           Src IP   Src Port   Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
   198.144.158.76                                      427080000
   198.144.158.76      59537                           244692000
  198.144.159.105                                      225708000
  199.167.138.161      59752                           202392000
  199.167.138.161                                      202392000
   208.87.243.167      59762                           186948000
   208.87.243.167                                      186948000
   198.144.158.76      59536                           182388000
     45.9.149.155                                      164052000
    208.87.243.59      59776                           163656000

Metric Info:
362k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2024-09-17 13:32:21
End Time: ongoing

First Event Seen: 2024-09-17 13:30:00
Last Event Seen: 2024-09-17 13:37:00

Further Details:
https://primary.nemo.geant.org/alerts/details/333877/

