[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #370232 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sun Apr 6 12:24:00 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, April 6, 2025 12:23:53 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #370232 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 370232

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  31106400      103688        48.5%    194.180.49.46
   4644600       15482         7.2%     80.64.30.221
   1627800        5426         2.5%    45.80.215.135
   1487700        4959         2.3%    165.22.62.128
   1001100        3337         1.6%    20.64.104.195
    809100        2697         1.3%    20.98.142.157
    489900        1633         0.8%    185.91.127.81
    471300        1571         0.7%   185.224.128.23
    468600        1562         0.7%   83.222.190.254
    447600        1492         0.7%    154.81.156.35

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   397500        1325         0.6%    192.114.91.246
   204900         683         0.3%     192.114.3.241
   157200         524         0.2%   192.114.105.254
   141900         473         0.2%      132.64.86.20
   139800         466         0.2%      132.76.61.53
   139500         465         0.2%    132.67.180.199
   131700         439         0.2%      132.70.66.11
   102600         342         0.2%      132.76.61.54
   102000         340         0.2%       52.92.35.25
    98400         328         0.2%    17.253.122.199

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
   194.180.49.46      50852                                  1244256000
   194.180.49.46                                             1244256000
  17.253.122.199                                              517149600
  17.253.122.199        443                                   517059600
                        443   192.114.91.246                  445976700
                              192.114.91.246                  445976700
  17.253.122.199                                  13412       380783400
                              192.114.91.246      13412       380783400
                               192.114.3.241                  250572900
                        443    192.114.3.241                  250490100

Metric Info:
292k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-04-06 09:17:50
End Time: ongoing

First Event Seen: 2025-04-06 09:15:00
Last Event Seen: 2025-04-06 09:22:00

Further Details:
https://primary.nemo.geant.org/alerts/details/370232/

More information about the Nemo-ddos-list mailing list