[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #336682 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Sep 23 05:25:12 IDT 2024




________________________________________
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, September 23, 2024 5:24:36 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #336682 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 336682

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total            Src IP
---------------------------------------------------
  8152200       27174        33.2%      132.74.20.45
   581100        1937         2.4%    208.67.222.222
   555600        1852         2.3%       51.17.3.162
   471300        1571         1.9%     192.178.19.26
   399000        1330         1.6%   128.139.226.100
   383100        1277         1.6%    208.67.220.220
   201900         673         0.8%     128.139.200.4
   193500         645         0.8%   172.217.133.231
   192000         640         0.8%     128.139.200.5
   157500         525         0.6%    157.240.253.63

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  338514900     1128383      1379.6%    132.68.237.250
    7896000       26320        32.2%     51.16.175.215
     557100        1857         2.3%   128.139.225.245
     555600        1852         2.3%      132.74.20.45
     499200        1664         2.0%      128.139.35.5
     398700        1329         1.6%      51.16.227.58
     377700        1259         1.5%     192.178.19.26
     256200         854         1.0%       51.17.3.162
     255600         852         1.0%    128.139.34.240
     239400         798         1.0%     128.139.200.5

Top-10 Possible Targets by Bytes:
        Src IP   Src Port           Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                            132.68.237.250               443351803800
                            132.68.237.250               268173432000
                            132.68.237.250               268173432000
                            132.68.237.250        443    175177640400
                       53   132.68.237.250               175124898000
  132.74.20.45       4500                                 11562799200
  132.74.20.45                                   4500     11562799200
  132.74.20.45                                            11562799200
                     4500    51.16.175.215                11478854400
                             51.16.175.215       4500     11478854400

Metric Info:
1M UDP Packets/s

Alert Type:
time_window

Alert Description:
High UDP packet rate

Start Time: 2024-09-23 02:18:10
End Time: ongoing

First Event Seen: 2024-09-23 02:16:00
Last Event Seen: 2024-09-23 02:23:00

Further Details:
https://primary.nemo.geant.org/alerts/details/336682/


