[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336206 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Sep 22 04:48:54 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, September 22, 2024 4:48:48 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336206 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 336206

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  63218100      210727        26.6%        132.74.3.4
  60419700      201399        25.4%        132.74.3.3
  10650300       35501         4.5%         3.5.58.15
   7440900       24803         3.1%       16.12.14.10
   6468300       21561         2.7%         3.5.56.12
   4546200       15154         1.9%       16.12.13.18
   3094200       10314         1.3%   142.250.180.138
   3035100       10117         1.3%        132.74.3.2
   2052600        6842         0.9%    104.152.52.182
   1854000        6180         0.8%    142.251.39.106

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  46276800      154256        19.4%         3.5.58.15
  31358100      104527        13.2%       16.12.14.10
  27106800       90356        11.4%         3.5.56.12
  18837900       62793         7.9%       16.12.13.18
  14789700       49299         6.2%        132.74.3.4
  14343000       47810         6.0%        132.74.3.3
   3593100       11977         1.5%   128.139.225.245
   3156600       10522         1.3%      132.66.52.85
   2448600        8162         1.0%     128.139.200.4
   1868700        6229         0.8%    132.64.165.232

Top-10 Possible Targets by Bytes:
      Src IP   Src Port        Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
  132.74.3.4                                 443     93488615100
  132.74.3.4                                         93488615100
  132.74.3.3                                 443     89645246100
  132.74.3.3                                         89645246100
                            3.5.58.15        443     69018612600
                            3.5.58.15                69018612600
                          16.12.14.10        443     45971321100
                          16.12.14.10                45971321100
                            3.5.56.12        443     40434016800
                            3.5.56.12                40434016800

Metric Info:
1M TCP Packets/s

Alert Type:
time_window

Alert Description:
High TCP packet rate

Start Time: 2024-09-22 01:33:19
End Time: ongoing

First Event Seen: 2024-09-22 01:31:00
Last Event Seen: 2024-09-22 01:47:00

Further Details:
https://primary.nemo.geant.org/alerts/details/336206/

