[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #379815 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sat Aug 2 13:55:49 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, August 2, 2025 1:55:37 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #379815 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 379815
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
25983300 86611 42.9% 89.248.165.99
13618800 45396 22.5% 89.248.163.10
1360200 4534 2.2% 141.148.59.116
985500 3285 1.6% 193.142.146.168
634200 2114 1.0% 104.156.155.7
487200 1624 0.8% 18.223.104.85
481500 1605 0.8% 3.136.208.236
467700 1559 0.8% 185.91.127.107
413400 1378 0.7% 52.14.122.207
323100 1077 0.5% 176.65.148.215
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------
55500 185 0.1% 128.139.53.201
54000 180 0.1% 128.139.53.170
52800 176 0.1% 128.139.53.227
52200 174 0.1% 128.139.53.78
49500 165 0.1% 128.139.53.138
46800 156 0.1% 128.139.53.248
46200 154 0.1% 128.139.53.222
45000 150 0.1% 128.139.53.5
41400 138 0.1% 128.139.53.76
39600 132 0.1% 132.65.240.60
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------
89.248.165.99 51642 1039332000
89.248.165.99 1039332000
89.248.163.10 50929 544752000
89.248.163.10 544752000
141.148.59.116 70730400
193.142.146.168 38364000
193.142.146.168 82 32292000
132.65.240.60 26604000
64.31.42.110 9000 26568000
64.31.42.110 51296 26568000
Metric Info:
241k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-08-02 10:50:29
End Time: ongoing
First Event Seen: 2025-08-02 10:48:00
Last Event Seen: 2025-08-02 10:54:00
Further Details:
https://primary.nemo.geant.org/alerts/details/379815/
More information about the Nemo-ddos-list
mailing list