[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #371132 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Wed Apr 16 11:33:15 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 16, 2025 11:33:06 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #371132 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 371132
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
---------------------------------------------------
29084700    96949       38.2%        92.63.197.145
18133200    60444       23.8%        92.63.197.236
1788600     5962        2.3%         45.80.215.135
1439400     4798        1.9%         165.22.62.128
638700      2129        0.8%         20.171.25.51
546600      1822        0.7%         3.148.226.33
537300      1791        0.7%         185.91.127.81
479400      1598        0.6%         18.221.225.145
450000      1500        0.6%         3.238.100.255
444900      1483        0.6%         18.223.104.85
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
---------------------------------------------------
80400       268         0.1%         192.114.91.246
60900       203         0.1%         132.76.61.53
60300       201         0.1%         132.76.61.54
44700       149         0.1%         132.70.66.14
40800       136         0.1%         128.139.200.5
36000       120         0.0%         132.65.240.60
25800       86          0.0%         128.139.197.119
24600       82          0.0%         192.114.5.10
24600       82          0.0%         192.114.105.254
24300       81          0.0%         132.72.6.1
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
92.63.197.145 51252 1163388000
92.63.197.145 1163388000
92.63.197.236 51327 725328000
92.63.197.236 725328000
23.41.187.31 443 107426100
23.41.187.31 10404 107426100
23.41.187.31 107426100
443 192.114.91.246 107426100
192.114.91.246 10404 107426100
192.114.91.246 107426100
Metric Info:
498k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-04-16 08:17:45
End Time: ongoing
First Event Seen: 2025-04-16 08:15:00
Last Event Seen: 2025-04-16 08:31:00
Further Details:
https://primary.nemo.geant.org/alerts/details/371132/