[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #370354 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Apr 7 11:14:20 IDT 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, April 7, 2025 11:14:13 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #370354 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 370354

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  6089100       20297         8.3%    108.181.2.183
  5865000       19550         8.0%    108.181.3.205
  5664900       18883         7.7%    108.181.24.17
  5162400       17208         7.0%    108.181.24.25
  5033100       16777         6.9%    208.87.242.23
  4673100       15577         6.4%     80.64.30.221
  4668300       15561         6.4%   208.87.242.171
  4446000       14820         6.1%   208.87.243.123
  4224600       14082         5.8%   208.87.243.205
  3970800       13236         5.4%   208.87.243.177

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   287100         957         0.4%     128.139.199.5
   268800         896         0.4%     132.70.60.123
   143700         479         0.2%   192.114.105.254
   109500         365         0.1%      132.76.61.54
   106500         355         0.1%    132.69.220.253
   105300         351         0.1%    17.253.122.199
   100500         335         0.1%      132.76.61.53
    99900         333         0.1%      132.68.7.253
    88200         294         0.1%     132.66.248.96
    85200         284         0.1%        132.74.3.4

Top-10 Possible Targets by Bytes:
         Src IP   Src Port          Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------------
                       443   128.139.199.5                  396532200
                             128.139.199.5                  396532200
   2.19.126.227        443                                  396424200
   2.19.126.227                                 62239       396424200
   2.19.126.227                                             396424200
                             128.139.199.5      62239       396424200
                       443   132.70.60.123                  389462400
                             132.70.60.123                  389462400
  108.181.2.183      52494                                  243564000
  108.181.2.183                                             243564000

Metric Info:
423k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-04-07 07:58:43
End Time: ongoing

First Event Seen: 2025-04-07 07:56:00
Last Event Seen: 2025-04-07 08:12:00

Further Details:
https://primary.nemo.geant.org/alerts/details/370354/

