[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #333877 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Sep 17 16:47:53 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Tuesday, September 17, 2024 4:47:44 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #333877 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 333877
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
----------------------------------------------------
10677000    35590       14.5%        198.144.158.76
5642700     18809       7.6%         198.144.159.105
5059800     16866       6.9%         199.167.138.161
4673700     15579       6.3%         208.87.243.167
4101300     13671       5.6%         45.9.149.155
4091400     13638       5.5%         208.87.243.59
3839400     12798       5.2%         108.181.2.183
3564900     11883       4.8%         108.181.3.205
3301200     11004       4.5%         208.87.243.169
2956500     9855        4.0%         108.181.24.17
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
---------------------------------------------------
105900      353         0.1%         192.114.23.223
104700      349         0.1%         132.76.61.54
96600       322         0.1%         132.76.61.53
81600       272         0.1%         132.74.3.2
71700       239         0.1%         192.114.105.254
32100       107         0.0%         192.114.5.10
29700       99          0.0%         192.114.23.232
25800       86          0.0%         132.65.240.60
25500       85          0.0%         150.140.37.10
24900       83          0.0%         132.64.244.79
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------
198.144.158.76 427080000
198.144.158.76 59537 244692000
198.144.159.105 225708000
199.167.138.161 59752 202392000
199.167.138.161 202392000
208.87.243.167 59762 186948000
208.87.243.167 186948000
198.144.158.76 59536 182388000
45.9.149.155 164052000
208.87.243.59 59776 163656000
Metric Info:
368k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2024-09-17 13:32:21
End Time: ongoing
First Event Seen: 2024-09-17 13:30:00
Last Event Seen: 2024-09-17 13:46:00
Further Details:
https://primary.nemo.geant.org/alerts/details/333877/