[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377436 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Thu Jul 10 20:21:35 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, July 10, 2025 8:21:24 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377436 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 377436
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
63990900 213303 18.8% 5.39.217.109
61802400 206008 18.1% 31.172.80.90
42430800 141436 12.5% 195.160.220.89
30678000 102260 9.0% 84.238.133.38
30466500 101555 8.9% 185.204.52.33
19175100 63917 5.6% 43.250.53.25
18531900 61773 5.4% 84.238.133.19
17338500 57795 5.1% 185.244.128.79
15258900 50863 4.5% 85.17.90.43
12085800 40286 3.5% 88.80.145.14
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------
279600 932 0.1% 132.70.19.4
88800 296 0.0% 20.217.135.5
72600 242 0.0% 128.139.18.134
71100 237 0.0% 128.139.17.226
70500 235 0.0% 128.139.17.7
70500 235 0.0% 128.139.18.219
70200 234 0.0% 128.139.17.230
70200 234 0.0% 128.139.18.70
69900 233 0.0% 128.139.18.131
68400 228 0.0% 128.139.18.65
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
5.39.217.109 2815599600
31.172.80.90 2719305600
195.160.220.89 1866955200
84.238.133.38 1349832000
185.204.52.33 1340526000
43.250.53.25 843704400
84.238.133.19 815403600
185.244.128.79 762894000
85.17.90.43 671391600
5.39.217.109 47634 671180400
Metric Info:
5M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-07-10 17:15:59
End Time: ongoing
First Event Seen: 2025-07-10 17:13:00
Last Event Seen: 2025-07-10 17:19:00
Further Details:
https://primary.nemo.geant.org/alerts/details/377436/
More information about the Nemo-ddos-list
mailing list