[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #380017 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Aug 3 17:52:55 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, August 3, 2025 5:52:38 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #380017 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 380017
Top-10 Src IPs by Packets:
Packets    Est. Rate   % of Total   Src IP
---------------------------------------------------
6901500    23005       13.9%        35.226.27.221
6495000    21650       13.1%        34.55.102.107
6433200    21444       13.0%        34.136.232.55
6250200    20834       12.6%        34.28.207.190
1618800    5396        3.3%         141.148.59.116
989700     3299        2.0%         103.56.61.130
470700     1569        0.9%         185.91.127.107
469800     1566        0.9%         193.142.146.168
447000     1490        0.9%         18.217.194.148
446700     1489        0.9%         3.136.67.107
Top-10 Dst IPs by Packets:
Packets    Est. Rate   % of Total   Dst IP
--------------------------------------------------
112200     374         0.2%         192.114.3.241
56400      188         0.1%         128.139.77.38
55800      186         0.1%         128.139.77.234
51000      170         0.1%         128.139.77.195
48000      160         0.1%         128.139.77.151
46200      154         0.1%         128.139.77.14
45600      152         0.1%         128.139.77.250
42600      142         0.1%         128.139.77.226
41700      139         0.1%         128.139.77.177
41700      139         0.1%         128.139.77.169
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------------
35.226.27.221 276060000
34.55.102.107 259800000
34.136.232.55 257328000
34.28.207.190 250008000
35.226.27.221 52161 164676000
192.114.3.241 143768100
443 192.114.3.241 143690100
95.216.21.161 443 143672100
95.216.21.161 10401 143672100
95.216.21.161 143672100
Metric Info:
213k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-08-03 14:47:29
End Time: ongoing
First Event Seen: 2025-08-03 14:45:00
Last Event Seen: 2025-08-03 14:51:00
Further Details:
https://primary.nemo.geant.org/alerts/details/380017/