[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #377447 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Thu Jul 10 23:27:23 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, July 10, 2025 11:27:18 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #377447 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 377447
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
202018500 673395 22.0% 5.39.217.109
146083500 486945 15.9% 195.160.220.89
106315800 354386 11.6% 31.172.80.90
104950200 349834 11.5% 43.250.53.25
73879200 246264 8.1% 85.17.90.43
66737700 222459 7.3% 84.238.133.38
60324300 201081 6.6% 84.238.133.19
56508300 188361 6.2% 185.204.52.33
50838600 169462 5.5% 185.244.128.79
16005900 53353 1.7% 91.92.144.79
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------
66600 222 0.0% 147.233.57.99
66000 220 0.0% 147.233.57.156
65700 219 0.0% 147.233.41.186
65700 219 0.0% 147.233.41.185
65400 218 0.0% 147.233.57.251
64200 214 0.0% 147.233.42.211
64200 214 0.0% 147.233.57.39
63900 213 0.0% 147.233.42.29
63900 213 0.0% 147.233.42.73
63600 212 0.0% 147.233.41.216
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
5.39.217.109 8888814000
195.160.220.89 6427674000
31.172.80.90 4677895200
43.250.53.25 4617610800
85.17.90.43 3250684800
84.238.133.38 2936458800
84.238.133.19 2654269200
185.204.52.33 2486365200
185.244.128.79 2236898400
91.92.144.79 704259600
Metric Info:
5M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-07-10 20:21:59
End Time: ongoing
First Event Seen: 2025-07-10 20:19:00
Last Event Seen: 2025-07-10 20:25:00
Further Details:
https://primary.nemo.geant.org/alerts/details/377447/
More information about the Nemo-ddos-list
mailing list