[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #363227 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Feb 14 03:45:49 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, February 14, 2025 3:45:42 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #363227 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 363227

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  39941400      133138        47.2%      5.182.37.200
  17122800       57076        20.2%    45.144.212.109
  10286400       34288        12.1%     104.156.155.3
    931200        3104         1.1%    185.242.226.49
    719700        2399         0.9%       43.159.20.5
    390600        1302         0.5%    15.235.224.238
    389400        1298         0.5%    15.235.224.239
    346500        1155         0.4%     204.76.203.70
    299400         998         0.4%    193.41.206.156
    277800         926         0.3%   195.211.191.207

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
    66600         222         0.1%    192.114.195.76
    63600         212         0.1%   192.114.195.101
    62400         208         0.1%    192.114.194.32
    61200         204         0.1%   192.114.194.219
    60300         201         0.1%   192.114.195.127
    58200         194         0.1%    192.114.194.66
    55500         185         0.1%   192.114.194.146
    55200         184         0.1%      192.114.52.1
    54300         181         0.1%   192.114.194.122
    54000         180         0.1%    192.114.194.36

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
    5.182.37.200                                     1757421600
  45.144.212.109      43939                           684912000
  45.144.212.109                                      684912000
   104.156.155.3      46553                           411456000
   104.156.155.3                                      411456000
    5.182.37.200      56892                           365626800
    5.182.37.200      56908                           365613600
    5.182.37.200      57044                           304920000
    5.182.37.200      57060                           302834400
    5.182.37.200      56755                           209814000

Metric Info:
292k SYN Packets/s, 330k ACK Packets/s

Alert Type:
time_window

Alert Description:
Abnormal SYN:ACK packet ratio

Start Time: 2025-02-14 01:39:32
End Time: ongoing

First Event Seen: 2025-02-14 01:37:00
Last Event Seen: 2025-02-14 01:44:00

Further Details:
https://primary.nemo.geant.org/alerts/details/363227/

More information about the Nemo-ddos-list mailing list