[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #371136 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Apr 16 12:12:11 IDT 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, April 16, 2025 12:12:05 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #371136 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 371136

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  51686100      172287        29.5%    92.63.197.236
  51626700      172089        29.5%    92.63.197.145
  38717700      129059        22.1%    89.248.163.61
   1831500        6105         1.0%    45.80.215.135
   1518300        5061         0.9%    165.22.62.128
    973200        3244         0.6%    20.65.154.146
    468300        1561         0.3%   43.207.150.207
    465000        1550         0.3%    154.81.156.35
    464400        1548         0.3%   43.206.242.204
    462600        1542         0.3%    13.115.221.41

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   174600         582         0.1%     192.114.5.10
    86400         288         0.0%    132.76.10.106
    80100         267         0.0%     132.76.61.54
    79800         266         0.0%     132.70.66.11
    59400         198         0.0%     132.70.66.14
    58200         194         0.0%     132.76.61.53
    46800         156         0.0%   132.70.166.104
    45600         152         0.0%    132.76.230.97
    37200         124         0.0%    132.65.240.60
    28200          94         0.0%   199.232.82.172

Top-10 Possible Targets by Bytes:
         Src IP   Src Port         Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------
  92.63.197.236      51327                                2067444000
  92.63.197.236                                           2067444000
  92.63.197.145      51252                                2065068000
  92.63.197.145                                           2065068000
  89.248.163.61      51548                                1548708000
  89.248.163.61                                           1548708000
                       443   192.114.5.10                  192282300
                             192.114.5.10                  192282300
    104.20.5.79        443                                 190323900
    104.20.5.79                                10402       190323900

Metric Info:
497k SYN Packets/s, 691k ACK Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2025-04-16 08:54:43
End Time: ongoing

First Event Seen: 2025-04-16 08:52:00
Last Event Seen: 2025-04-16 09:10:00

Further Details:
https://primary.nemo.geant.org/alerts/details/371136/

