[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #370704 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sat Apr 12 01:10:11 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, April 12, 2025 1:09:58 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #370704 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 370704
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
---------------------------------------------------
18480000    61600       42.5%        109.205.213.85
1453500     4845        3.3%         165.22.62.128
1011600     3372        2.3%         45.80.215.135
934800      3116        2.2%         172.178.84.60
852900      2843        2.0%         20.64.106.28
793200      2644        1.8%         13.89.124.216
567900      1893        1.3%         185.91.127.81
407400      1358        0.9%         20.65.193.82
400800      1336        0.9%         15.235.224.227
383100      1277        0.9%         154.81.156.54
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
--------------------------------------------------
78600       262         0.2%         104.22.49.147
71700       239         0.2%         132.71.160.97
61500       205         0.1%         132.76.230.97
53100       177         0.1%         132.70.166.104
34200       114         0.1%         132.76.61.53
33600       112         0.1%         132.76.61.54
33600       112         0.1%         132.65.240.60
26400       88          0.1%         192.114.5.10
13500       45          0.0%         192.114.3.241
11400       38          0.0%         132.64.171.19
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
109.205.213.85 739200000
109.205.213.85 48873 692184000
165.22.62.128 52317 58140000
165.22.62.128 58140000
109.205.213.85 3389 47052000
109.205.213.85 48835 47016000
45.80.215.135 40464000
172.178.84.60 18091 37392000
172.178.84.60 37392000
20.64.106.28 17990 34116000
Metric Info:
243k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-04-11 22:03:47
End Time: ongoing
First Event Seen: 2025-04-11 22:01:00
Last Event Seen: 2025-04-11 22:08:00
Further Details:
https://primary.nemo.geant.org/alerts/details/370704/