[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #371133 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Apr 16 11:26:09 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 16, 2025 11:26:04 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #371133 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 371133
Top-10 Src IPs by Packets:
Packets    Est. Rate   % of Total   Src IP
---------------------------------------------------
37576500   125255      40.5%        92.63.197.145
26557200   88524       28.6%        92.63.197.236
1784700    5949        1.9%         45.80.215.135
1446900    4823        1.6%         165.22.62.128
541200     1804        0.6%         185.91.127.81
534600     1782        0.6%         3.148.226.33
473400     1578        0.5%         18.221.225.145
447600     1492        0.5%         52.90.244.76
447000     1490        0.5%         3.238.100.255
443700     1479        0.5%         18.223.104.85
Top-10 Dst IPs by Packets:
Packets    Est. Rate   % of Total   Dst IP
---------------------------------------------------
62100      207         0.1%         132.76.61.54
57900      193         0.1%         132.76.61.53
43800      146         0.0%         132.70.66.14
35700      119         0.0%         128.139.200.5
34500      115         0.0%         132.65.240.60
25200      84          0.0%         192.114.5.10
25200      84          0.0%         128.139.197.119
24300      81          0.0%         192.114.105.254
22800      76          0.0%         132.72.6.1
19500      65          0.0%         128.139.225.245
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------------
92.63.197.145 51252 1503060000
92.63.197.145 1503060000
92.63.197.236 51327 1062288000
92.63.197.236 1062288000
45.80.215.135 71388000
165.22.62.128 52317 57876000
165.22.62.128 57876000
443 128.139.200.5 41792400
128.139.200.5 41792400
74.125.13.230 443 41702400
Metric Info:
1M ACK Packets/s, 504k SYN Packets/s
Alert Type:
time_window
Alert Description:
Abnormal SYN:ACK packet ratio
Start Time: 2025-04-16 08:18:45
End Time: ongoing
First Event Seen: 2025-04-16 08:16:00
Last Event Seen: 2025-04-16 08:24:00
Further Details:
https://primary.nemo.geant.org/alerts/details/371133/