[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336204 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Sep 22 04:48:55 IDT 2024
________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Sunday, September 22, 2024 4:48:48 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336204 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 336204
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
----------------------------------------------------
63218100    210727      29.2%        132.74.3.4
60419400    201398      27.9%        132.74.3.3
10650300    35501       4.9%         3.5.58.15
7440900     24803       3.4%         16.12.14.10
6468300     21561       3.0%         3.5.56.12
4546200     15154       2.1%         16.12.13.18
3094200     10314       1.4%         142.250.180.138
3034800     10116       1.4%         132.74.3.2
1854000     6180        0.9%         142.251.39.106
1246800     4156        0.6%         128.139.225.245
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
----------------------------------------------------
46276500    154255      21.4%        3.5.58.15
31358100    104527      14.5%        16.12.14.10
27106800    90356       12.5%        3.5.56.12
18837900    62793       8.7%         16.12.13.18
14789700    49299       6.8%         132.74.3.4
14343000    47810       6.6%         132.74.3.3
3591000     11970       1.7%         128.139.225.245
3156600     10522       1.5%         132.66.52.85
2448600     8162        1.1%         128.139.200.4
1868700     6229        0.9%         132.64.165.232
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------
132.74.3.4 443 93488615100
132.74.3.4 93488615100
132.74.3.3 443 89645230500
132.74.3.3 89645230500
3.5.58.15 443 69018597000
3.5.58.15 69018597000
16.12.14.10 443 45971321100
16.12.14.10 45971321100
3.5.56.12 443 40434016800
3.5.56.12 40434016800
Metric Info:
1M ACK Packets/s
Alert Type:
time_window
Alert Description:
High ACK packet rate
Start Time: 2024-09-22 01:33:09
End Time: ongoing
First Event Seen: 2024-09-22 01:31:00
Last Event Seen: 2024-09-22 01:47:00
Further Details:
https://primary.nemo.geant.org/alerts/details/336204/