[NeMo-DDoS-List] [Geant NeMo] Analysis for Alert #339617 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Sep 30 19:15:56 IDT 2024
cv-ma4.haifa.ac.il appears to be sending data to 132.76.212.49. Is that normal?
-----Original Message-----
From: nemo-ddos at geant.org <nemo-ddos at geant.org>
Sent: Monday, 30 September 2024 18:28
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #339617 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 339617
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
-----------------------------------------------------
145682100   485607      33.4%        132.74.3.4
17534700    58449       4.0%         142.250.180.187
17533200    58444       4.0%         216.58.204.155
15565800    51886       3.6%         142.250.180.155
15239400    50798       3.5%         216.58.205.59
13890900    46303       3.2%         142.251.209.59
13874700    46249       3.2%         142.251.209.27
12559800    41866       2.9%         216.58.204.251
8265900     27553       1.9%         13.107.138.10
6930900     23103       1.6%         54.230.112.82
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
---------------------------------------------------
102155100   340517      23.4%        132.76.212.49
34001100    113337      7.8%         3.5.57.7
28695300    95651       6.6%         132.74.3.4
26772000    89240       6.1%         3.5.56.12
19433400    64778       4.5%         3.5.58.15
10586400    35288       2.4%         16.12.14.10
9566400     31888       2.2%         132.68.38.54
7600800     25336       1.7%         3.5.56.4
7020000     23400       1.6%         192.114.5.10
6476100     21587       1.5%         16.12.12.10
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------
132.74.3.4 443 214798128900
132.74.3.4 214798128900
443 132.76.212.49 148087329900
132.76.212.49 148087329900
3.5.57.7 443 50411389800
3.5.57.7 50411389800
3.5.56.12 443 39706581300
3.5.56.12 39706581300
3.5.58.15 443 28806129000
3.5.58.15 28806129000
Metric Info:
1M ACK Packets/s
Alert Type:
time_window
Alert Description:
High ACK packet rate
Start Time: 2024-09-30 15:18:13
End Time: ongoing
First Event Seen: 2024-09-30 15:16:00
Last Event Seen: 2024-09-30 15:25:00
Further Details:
https://primary.nemo.geant.org/alerts/details/339617/