[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #378517 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Jul 22 01:32:13 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, July 22, 2025 1:32:04 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #378517 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 378517

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  12321300       41071        21.4%     35.226.27.221
  11543700       38479        20.0%     34.28.207.190
   7362300       24541        12.8%      34.66.88.210
   3637200       12124         6.3%     34.55.102.107
   1405800        4686         2.4%       45.194.66.8
   1239000        4130         2.2%    141.148.59.116
    716100        2387         1.2%   185.191.127.222
    541200        1804         0.9%    47.253.144.138
    417900        1393         0.7%    185.91.127.107
    350100        1167         0.6%    204.76.203.193

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total          Dst IP
-------------------------------------------------
   512700        1709         0.9%    34.149.152.8
    61500         205         0.1%    132.64.9.220
    61500         205         0.1%    132.64.10.41
    59100         197         0.1%   132.64.10.116
    56700         189         0.1%    132.64.10.23
    56400         188         0.1%   132.64.10.151
    53400         178         0.1%    132.64.9.187
    46800         156         0.1%   35.186.223.74
    46200         154         0.1%    132.64.10.13
    41700         139         0.1%    132.64.10.18

Top-10 Possible Targets by Bytes:
         Src IP   Src Port   Dst IP   Dst Port   Sampled Count
------------------------------------------------------------
  35.226.27.221                                      492852000
  34.28.207.190                                      461748000
   34.66.88.210                                      294492000
  34.28.207.190      56544                           248364000
  34.55.102.107      56646                           145488000
  34.55.102.107                                      145488000
   34.66.88.210      56259                           134760000
  34.28.207.190      56582                           107244000
  34.28.207.190      56586                           106140000
   34.66.88.210      56544                           101220000

Metric Info:
225k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-07-21 22:26:53
End Time: ongoing

First Event Seen: 2025-07-21 22:24:00
Last Event Seen: 2025-07-21 22:30:00

Further Details:
https://primary.nemo.geant.org/alerts/details/378517/