[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #365273 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Fri Feb 28 12:38:18 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, February 28, 2025 12:38:10 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #365273 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 365273

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  14972400       49908        32.3%    89.248.165.13
   7607700       25359        16.4%   89.248.165.108
   1945800        6486         4.2%    185.242.226.5
    739200        2464         1.6%    20.65.194.114
    702600        2342         1.5%     20.83.52.160
    642000        2140         1.4%   104.156.155.14
    600000        2000         1.3%     20.65.194.40
    567000        1890         1.2%   128.139.14.104
    468900        1563         1.0%    185.91.127.81
    452100        1507         1.0%   45.142.193.153

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   567000        1890         1.2%        3.5.70.242
   133500         445         0.3%     128.139.199.5
    45000         150         0.1%     132.65.240.60
    43200         144         0.1%    132.70.166.104
    42600         142         0.1%   192.114.105.254
    40800         136         0.1%     132.76.230.97
    38400         128         0.1%      132.76.61.54
    33000         110         0.1%      132.76.61.53
    31500         105         0.1%    192.114.23.221
    30900         103         0.1%      192.114.5.10

Top-10 Possible Targets by Bytes:
          Src IP   Src Port       Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------
  128.139.14.104      58055                               826269600
  128.139.14.104                                443       826269600
  128.139.14.104                                          826269600
                      58055   3.5.70.242                  826269600
                              3.5.70.242        443       826269600
                              3.5.70.242                  826269600
   89.248.165.13      58563                               598896000
   89.248.165.13                                          598896000
  89.248.165.108      58470                               304308000
  89.248.165.108                                          304308000

Metric Info:
196k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-02-28 10:31:50
End Time: ongoing

First Event Seen: 2025-02-28 10:29:00
Last Event Seen: 2025-02-28 10:36:00

Further Details:
https://primary.nemo.geant.org/alerts/details/365273/