[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #380115 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Mon Aug 4 10:15:50 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, August 4, 2025 10:15:42 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #380115 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 380115
Top-10 Src IPs by Packets:
Packets   Est. Rate   % of Total   Src IP
---------------------------------------------------
5614500   18715       7.1%         104.255.152.18
5255100   17517       6.6%         199.167.138.119
5056200   16854       6.3%         104.255.154.157
4811100   16037       6.0%         104.255.152.29
4665900   15553       5.9%         104.255.152.19
4221000   14070       5.3%         208.87.243.205
4065300   13551       5.1%         208.87.243.123
3899700   12999       4.9%         108.181.2.183
3750900   12503       4.7%         108.181.3.205
3434100   11447       4.3%         108.181.24.17
Top-10 Dst IPs by Packets:
Packets   Est. Rate   % of Total   Dst IP
---------------------------------------------------
488700    1629        0.6%         216.58.204.131
364500    1215        0.5%         132.68.176.115
132900    443         0.2%         132.73.124.193
110100    367         0.1%         128.139.199.4
71700     239         0.1%         192.114.105.254
61800     206         0.1%         128.139.91.177
61200     204         0.1%         128.139.91.218
55200     184         0.1%         128.139.91.35
54600     182         0.1%         128.139.91.42
51000     170         0.1%         128.139.91.122
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------------
128.139.200.4 443 643759200
128.139.200.4 643759200
128.139.200.4 38560 643519200
38560 216.58.204.131 643519200
216.58.204.131 443 643519200
216.58.204.131 643519200
104.255.152.18 51221 222780000
104.255.152.18 222780000
199.167.138.119 51231 210204000
199.167.138.119 210204000
Metric Info:
518k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-08-04 07:10:39
End Time: ongoing
First Event Seen: 2025-08-04 07:08:00
Last Event Seen: 2025-08-04 07:14:00
Further Details:
https://primary.nemo.geant.org/alerts/details/380115/