[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #363892 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Tue Feb 18 19:38:10 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, February 18, 2025 7:38:02 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #363892 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 363892

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  26656800       88856        31.3%     194.180.49.46
  10121100       33737        11.9%    134.209.231.41
   9834600       32782        11.6%    138.68.157.199
   9745800       32486        11.5%    165.22.112.127
   9649200       32164        11.3%     138.68.144.17
    986700        3289         1.2%    185.242.226.42
    612600        2042         0.7%   172.169.111.191
    592800        1976         0.7%    83.222.191.130
    367200        1224         0.4%      193.68.89.10
    349200        1164         0.4%      193.68.89.52

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   241500         805         0.3%      192.114.52.8
    98100         327         0.1%     132.72.62.247
    79200         264         0.1%    192.114.23.123
    64800         216         0.1%   128.139.225.245
    56400         188         0.1%      132.76.61.54
    50100         167         0.1%       132.70.66.9
    49800         166         0.1%      192.114.5.10
    47400         158         0.1%   192.114.105.254
    45000         150         0.1%      132.76.61.53
    35400         118         0.0%    192.114.23.238

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
   194.180.49.46                                     1066272000
   194.180.49.46      59218                           850032000
  134.209.231.41      54665                           404844000
  134.209.231.41                                      404844000
  138.68.157.199      55042                           393384000
  138.68.157.199                                      393384000
  165.22.112.127      54754                           389832000
  165.22.112.127                                      389832000
   138.68.144.17      54317                           385968000
   138.68.144.17                                      385968000

Metric Info:
347k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-02-18 17:22:54
End Time: ongoing

First Event Seen: 2025-02-18 17:19:00
Last Event Seen: 2025-02-18 17:36:00

Further Details:
https://primary.nemo.geant.org/alerts/details/363892/