[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #369714 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Apr 2 01:59:09 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 2, 2025 1:59:01 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #369714 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 369714
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
----------------------------------------------------
30948900    103163      59.6%        194.180.49.46
2464200     8214        4.7%         45.80.215.135
987600      3292        1.9%         185.242.226.42
672900      2243        1.3%         20.150.202.16
631500      2105        1.2%         116.105.216.147
538200      1794        1.0%         185.91.127.81
361500      1205        0.7%         154.81.156.35
355500      1185        0.7%         15.235.224.238
351300      1171        0.7%         15.235.224.227
344100      1147        0.7%         15.235.224.239
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
---------------------------------------------------
93000       310         0.2%         132.68.113.57
92700       309         0.2%         52.219.169.66
54900       183         0.1%         132.76.230.97
54300       181         0.1%         132.70.166.104
44100       147         0.1%         132.76.61.53
43500       145         0.1%         128.139.225.244
41700       139         0.1%         132.76.61.54
38100       127         0.1%         132.71.160.97
36600       122         0.1%         104.22.49.147
26100       87          0.1%         132.65.240.60
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
194.180.49.46 47217 1237956000
194.180.49.46 1237956000
199.232.82.172 80 136260600
199.232.82.172 136260600
132.66.253.21 42186 136030800
132.66.253.21 443 136030800
132.66.253.21 136030800
42186 52.219.169.66 136030800
52.219.169.66 443 136030800
52.219.169.66 136030800
Metric Info:
255k SYN Packets/s, 670k ACK Packets/s
Alert Type:
time_window
Alert Description:
Abnormal SYN:ACK packet ratio
Start Time: 2025-04-01 22:43:50
End Time: ongoing
First Event Seen: 2025-04-01 22:41:00
Last Event Seen: 2025-04-01 22:57:00
Further Details:
https://primary.nemo.geant.org/alerts/details/369714/