[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336204 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Sep 22 04:48:55 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, September 22, 2024 4:48:48 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336204 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 336204

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  63218100      210727        29.2%        132.74.3.4
  60419400      201398        27.9%        132.74.3.3
  10650300       35501         4.9%         3.5.58.15
   7440900       24803         3.4%       16.12.14.10
   6468300       21561         3.0%         3.5.56.12
   4546200       15154         2.1%       16.12.13.18
   3094200       10314         1.4%   142.250.180.138
   3034800       10116         1.4%        132.74.3.2
   1854000        6180         0.9%    142.251.39.106
   1246800        4156         0.6%   128.139.225.245

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  46276500      154255        21.4%         3.5.58.15
  31358100      104527        14.5%       16.12.14.10
  27106800       90356        12.5%         3.5.56.12
  18837900       62793         8.7%       16.12.13.18
  14789700       49299         6.8%        132.74.3.4
  14343000       47810         6.6%        132.74.3.3
   3591000       11970         1.7%   128.139.225.245
   3156600       10522         1.5%      132.66.52.85
   2448600        8162         1.1%     128.139.200.4
   1868700        6229         0.9%    132.64.165.232

Top-10 Possible Targets by Bytes:
      Src IP   Src Port        Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------
  132.74.3.4                                 443     93488615100
  132.74.3.4                                         93488615100
  132.74.3.3                                 443     89645230500
  132.74.3.3                                         89645230500
                            3.5.58.15        443     69018597000
                            3.5.58.15                69018597000
                          16.12.14.10        443     45971321100
                          16.12.14.10                45971321100
                            3.5.56.12        443     40434016800
                            3.5.56.12                40434016800

Metric Info:
1M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate

Start Time: 2024-09-22 01:33:09
End Time: ongoing

First Event Seen: 2024-09-22 01:31:00
Last Event Seen: 2024-09-22 01:47:00

Further Details:
https://primary.nemo.geant.org/alerts/details/336204/

