[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #362675 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sun Feb 9 22:56:00 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, February 9, 2025 10:55:52 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #362675 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 362675

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  18213900       60713        34.2%    45.144.212.109
  18183000       60610        34.1%      5.182.37.200
    569100        1897         1.1%    83.222.191.130
    552000        1840         1.0%     4.246.247.146
    524700        1749         1.0%    15.235.224.239
    426600        1422         0.8%      193.68.89.10
    340500        1135         0.6%     204.76.203.70
    315600        1052         0.6%       37.10.114.9
    241500         805         0.5%   195.211.191.210
    238200         794         0.4%   195.211.191.201

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   147300         491         0.3%       132.70.66.9
    95100         317         0.2%   128.139.225.245
    69300         231         0.1%     147.233.0.167
    61800         206         0.1%     147.233.0.183
    59700         199         0.1%     147.233.0.106
    58500         195         0.1%     147.233.0.200
    55800         186         0.1%     147.233.0.246
    55200         184         0.1%     147.233.0.128
    54900         183         0.1%     147.233.0.182
    54600         182         0.1%     147.233.0.151

Top-10 Possible Targets by Bytes:
          Src IP   Src Port            Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
    5.182.37.200                                               800052000
  45.144.212.109      58720                                    728556000
  45.144.212.109                                               728556000
    5.182.37.200      54016                                    371540400
    5.182.37.200      54000                                    367593600
                              128.139.225.245                   59213100
                        443   128.139.225.245                   58684800
   185.226.53.95        443                                     49505400
   185.226.53.95                                   65262        49505400
   185.226.53.95                                                49505400

Metric Info:
253k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-02-09 20:49:42
End Time: ongoing

First Event Seen: 2025-02-09 20:47:00
Last Event Seen: 2025-02-09 20:54:00

Further Details:
https://primary.nemo.geant.org/alerts/details/362675/