[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #363176 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Thu Feb 13 19:44:01 IST 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, February 13, 2025 7:43:55 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #363176 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 363176
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
19295400 64318 42.5% 45.144.212.109
1932600 6442 4.3% 185.242.226.42
667800 2226 1.5% 40.83.133.237
512700 1709 1.1% 185.224.128.23
475800 1586 1.0% 103.56.61.136
361500 1205 0.8% 193.68.89.52
350100 1167 0.8% 204.76.203.70
301800 1006 0.7% 103.253.27.167
295200 984 0.7% 193.41.206.156
273300 911 0.6% 193.41.206.142
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-----------------------------------------------------
175967400 586558 387.8% 132.68.238.32
172500 575 0.4% 132.76.61.53
55200 184 0.1% 132.76.61.54
54900 183 0.1% 128.139.225.245
42900 143 0.1% 192.114.5.10
42600 142 0.1% 192.114.52.7
41700 139 0.1% 132.65.240.60
40800 136 0.1% 104.22.49.147
39900 133 0.1% 192.114.91.244
32700 109 0.1% 172.67.24.1
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
--------------------------------------------------------------------
132.68.238.32 16060213200
132.68.238.32 80 13372327200
80 132.68.238.32 1945210800
32320 132.68.238.32 1612926000
55635 132.68.238.32 1607248800
33505 132.68.238.32 1556594400
19938 132.68.238.32 1535272500
63628 132.68.238.32 1443978000
17406 132.68.238.32 1396427100
45.144.212.109 43939 771816000
Metric Info:
1M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-02-13 17:37:34
End Time: ongoing
First Event Seen: 2025-02-13 17:35:00
Last Event Seen: 2025-02-13 17:42:00
Further Details:
https://primary.nemo.geant.org/alerts/details/363176/
More information about the Nemo-ddos-list
mailing list