[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #335166 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Sep 19 20:50:29 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Thursday, September 19, 2024 8:50:18 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #335166 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 335166

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  1505100        5017         3.2%      31.13.84.52
  1097400        3658         2.3%   157.240.252.63
   994500        3315         2.1%     67.1.197.125
   893700        2979         1.9%   157.240.253.63
   893400        2978         1.9%   157.240.251.63
   892200        2974         1.9%     192.114.5.10
   890700        2969         1.9%     132.74.20.45
   684300        2281         1.4%   208.67.222.222
   576000        1920         1.2%       31.13.84.4
   471900        1573         1.0%   157.240.252.13

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  18324300       61081        38.7%       128.139.6.1
   3894600       12982         8.2%   128.139.225.245
   1002600        3342         2.1%      132.66.4.110
    750600        2502         1.6%    192.114.23.221
    696300        2321         1.5%     192.114.52.14
    644700        2149         1.4%     51.16.175.215
    602400        2008         1.3%    192.114.91.249
    550200        1834         1.2%      192.114.52.7
    519300        1731         1.1%      128.139.35.5
    437700        1459         0.9%      192.114.52.1

Top-10 Possible Targets by Bytes:
        Src IP   Src Port            Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                                128.139.6.1                 8486076900
                      123       128.139.6.1                 8486052000
                            128.139.225.245                 4128679200
                      443   128.139.225.245                 2455998900
   31.13.84.52        443                                   1850849400
   31.13.84.52                                              1850849400
                               132.66.4.110       4501      1364822400
                               132.66.4.110                 1364822400
  67.1.197.125      56740                                   1363790400
  67.1.197.125                                    4501      1363790400

Metric Info:
290k UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2024-09-19 17:42:19
End Time: ongoing

First Event Seen: 2024-09-19 17:40:00
Last Event Seen: 2024-09-19 17:49:00

Further Details:
https://primary.nemo.geant.org/alerts/details/335166/

