[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #362453 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Feb 8 08:55:02 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, February 8, 2025 8:54:52 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #362453 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 362453

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  6337500       21125         5.6%   104.152.52.159
  5475900       18253         4.9%   104.152.52.196
  4158900       13863         3.7%   104.152.52.218
  4136700       13789         3.7%   104.152.52.207
  3420000       11400         3.0%   104.152.52.243
  3372600       11242         3.0%   104.152.52.157
  3348600       11162         3.0%   104.152.52.124
  3082200       10274         2.7%   104.152.52.117
  2604900        8683         2.3%   104.152.52.164
  2110500        7035         1.9%   104.152.52.122

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
  1977300        6591         1.8%    132.64.186.144
    63900         213         0.1%     132.65.240.60
    40500         135         0.0%      132.76.61.53
    37800         126         0.0%      132.76.61.54
    35100         117         0.0%     104.22.49.147
    30000         100         0.0%      192.114.5.10
    26700          89         0.0%    132.68.108.108
    22500          75         0.0%     192.114.1.187
    21600          72         0.0%   128.139.225.245
    20700          69         0.0%      192.114.52.7

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  142.251.209.42        443                                  2876560800
  142.251.209.42                                             2876560800
  142.251.209.42                                  44940      2868016200
                        443   132.64.186.144                 2868016200
                              132.64.186.144      44940      2868016200
                              132.64.186.144                 2868016200
  104.152.52.159                                              253500000
  104.152.52.196                                              219036000
  104.152.52.218                                              166356000
  104.152.52.243                                              136800000

Metric Info:
224k SYN Packets/s, 484k ACK Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2025-02-08 06:36:41
End Time: ongoing

First Event Seen: 2025-02-08 06:34:00
Last Event Seen: 2025-02-08 06:53:00

Further Details:
https://primary.nemo.geant.org/alerts/details/362453/

More information about the Nemo-ddos-list mailing list