[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #375757 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Jun 14 06:30:37 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, June 14, 2025 6:30:31 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #375757 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 375757

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  21728700       72429        35.2%     5.182.37.200
  15420600       51402        25.0%   213.246.45.154
   1956900        6523         3.2%   185.242.226.54
   1100100        3667         1.8%   103.153.74.127
    623400        2078         1.0%       69.85.70.6
    600000        2000         1.0%   185.242.226.20
    504900        1683         0.8%    179.43.191.98
    477000        1590         0.8%    89.248.163.67
    358200        1194         0.6%   193.34.212.110
    334800        1116         0.5%   204.76.203.212

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   159600         532         0.3%    104.22.49.147
   157800         526         0.3%    132.71.160.97
    71100         237         0.1%       132.72.6.1
    68700         229         0.1%    192.117.80.24
    66300         221         0.1%   192.117.80.155
    65100         217         0.1%   192.117.80.114
    63600         212         0.1%   192.117.80.158
    63600         212         0.1%   192.117.80.243
    63300         211         0.1%   192.117.80.100
    63300         211         0.1%   192.117.80.108

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
    5.182.37.200                                      956062800
  213.246.45.154      44511                           616824000
  213.246.45.154                                      616824000
    5.182.37.200      51337                           372319200
    5.182.37.200      51353                           368253600
    5.182.37.200      51486                           109098000
    5.182.37.200      51470                           106392000
  185.242.226.54                                       86103600
  103.153.74.127      42300                            44004000
  103.153.74.127                                       44004000

Metric Info:
302k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-06-14 03:25:20
End Time: ongoing

First Event Seen: 2025-06-14 03:23:00
Last Event Seen: 2025-06-14 03:29:00

Further Details:
https://primary.nemo.geant.org/alerts/details/375757/