[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376817 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Jul 1 11:29:42 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, July 1, 2025 11:29:35 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376817 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376817

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  11867400       39558        22.3%    34.28.207.190
   8315400       27718        15.6%    34.55.102.107
   6015900       20053        11.3%     34.66.88.210
   3121800       10406         5.9%    35.226.27.221
   1028100        3427         1.9%    93.123.72.134
    590100        1967         1.1%    89.42.231.140
    557400        1858         1.0%    149.86.227.49
    531000        1770         1.0%   193.34.212.110
    500400        1668         0.9%   157.240.251.55
    431400        1438         0.8%    89.248.163.67

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   500400        1668         0.9%    132.74.171.161
   111900         373         0.2%   192.114.105.254
   100500         335         0.2%    52.222.144.118
    70800         236         0.1%    192.114.91.244
    61200         204         0.1%     159.124.2.172
    58500         195         0.1%    192.114.91.249
    56100         187         0.1%     132.66.230.14
    55500         185         0.1%      132.76.61.52
    53700         179         0.1%      192.114.5.10
    52500         175         0.1%   128.139.225.245

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
  157.240.251.55        443                                   715598100
  157.240.251.55                                  34006       715598100
  157.240.251.55                                              715598100
                        443   132.74.171.161                  715598100
                              132.74.171.161      34006       715598100
                              132.74.171.161                  715598100
   34.28.207.190                                              474696000
   34.55.102.107                                              332616000
    34.66.88.210                                              240636000
   34.28.207.190      58153                                   191208000

Metric Info:
228k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-07-01 08:26:24
End Time: ongoing

First Event Seen: 2025-07-01 08:24:00
Last Event Seen: 2025-07-01 08:27:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376817/