[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #363175 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Feb 13 19:44:03 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, February 13, 2025 7:43:54 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #363175 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 363175

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  19295400       64318        42.5%   45.144.212.109
   1932600        6442         4.3%   185.242.226.42
    667800        2226         1.5%    40.83.133.237
    512700        1709         1.1%   185.224.128.23
    475800        1586         1.0%    103.56.61.136
    361500        1205         0.8%     193.68.89.52
    350100        1167         0.8%    204.76.203.70
    301800        1006         0.7%   103.253.27.167
    295200         984         0.7%   193.41.206.156
    273300         911         0.6%   193.41.206.142

Top-10 Dst IPs by Packets:
    Packets   Est. Rate   % of Total            Dst IP
-----------------------------------------------------
  175967400      586558       387.8%     132.68.238.32
     172500         575         0.4%      132.76.61.53
      55200         184         0.1%      132.76.61.54
      54900         183         0.1%   128.139.225.245
      42900         143         0.1%      192.114.5.10
      42600         142         0.1%      192.114.52.7
      41700         139         0.1%     132.65.240.60
      40800         136         0.1%     104.22.49.147
      39900         133         0.1%    192.114.91.244
      32700         109         0.1%       172.67.24.1

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
                              132.68.238.32                16060213200
                              132.68.238.32         80     13372327200
                         80   132.68.238.32                 1945210800
                      32320   132.68.238.32                 1612926000
                      55635   132.68.238.32                 1607248800
                      33505   132.68.238.32                 1556594400
                      19938   132.68.238.32                 1535272500
                      63628   132.68.238.32                 1443978000
                      17406   132.68.238.32                 1396427100
  45.144.212.109      43939                                  771816000

Metric Info:
1009k ACK Packets/s, 1M SYN Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2025-02-13 17:37:33
End Time: ongoing

First Event Seen: 2025-02-13 17:35:00
Last Event Seen: 2025-02-13 17:42:00

Further Details:
https://primary.nemo.geant.org/alerts/details/363175/

