[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #364489 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Sat Feb 22 22:48:03 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, February 22, 2025 10:47:56 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #364489 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 364489

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  26158500       87195        33.8%     194.180.49.46
   8970600       29902        11.6%     138.68.144.17
   8457900       28193        10.9%    138.68.157.199
   8346000       27820        10.8%    134.209.231.41
   7408200       24694         9.6%    165.22.112.127
    958200        3194         1.2%     185.242.226.2
    639900        2133         0.8%   172.206.148.154
    575400        1918         0.7%    222.186.13.133
    462000        1540         0.6%    48.217.211.235
    384900        1283         0.5%   185.242.226.153

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   183600         612         0.2%     132.76.230.97
   178500         595         0.2%    132.70.166.104
   173100         577         0.2%      52.92.33.114
    74100         247         0.1%     132.76.81.185
    65700         219         0.1%   128.139.225.245
    51000         170         0.1%    192.114.23.221
    49500         165         0.1%      132.76.61.54
    38100         127         0.0%     132.65.240.60
    36900         123         0.0%      132.76.61.53
    32700         109         0.0%      192.114.5.10

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
   194.180.49.46      56188                          1046340000
   194.180.49.46                                     1046340000
   138.68.144.17      57457                           358824000
   138.68.144.17                                      358824000
  138.68.157.199      55751                           338316000
  138.68.157.199                                      338316000
  134.209.231.41      57620                           333840000
  134.209.231.41                                      333840000
  165.22.112.127      56021                           296328000
  165.22.112.127                                      296328000

Metric Info:
343k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-02-22 20:32:54
End Time: ongoing

First Event Seen: 2025-02-22 20:30:00
Last Event Seen: 2025-02-22 20:46:00

Further Details:
https://primary.nemo.geant.org/alerts/details/364489/

