[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376119 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Thu Jun 19 15:24:52 IDT 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, June 19, 2025 3:24:41 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376119 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376119

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  32256600      107522        60.6%    185.224.3.237
   4257300       14191         8.0%   103.174.130.24
    480300        1601         0.9%    89.248.163.67
    333000        1110         0.6%   193.34.212.110
    324000        1080         0.6%   185.218.84.178
    287400         958         0.5%   15.235.224.239
    287100         957         0.5%   15.235.227.163
    286500         955         0.5%   15.235.224.238
    278700         929         0.5%   15.235.224.227
    274200         914         0.5%    185.91.127.81

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   216600         722         0.4%      3.164.182.66
   124500         415         0.2%    192.114.23.221
    51300         171         0.1%      192.114.2.46
    40200         134         0.1%    132.70.166.104
    39300         131         0.1%     132.76.230.97
    32700         109         0.1%   128.139.225.244
    27000          90         0.1%      192.114.5.10
    23400          78         0.0%      132.76.61.51
    23400          78         0.0%    52.222.144.118
    18600          62         0.0%     132.65.240.60

Top-10 Possible Targets by Bytes:
           Src IP   Src Port         Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
    185.224.3.237                                           1419290400
    185.224.3.237      55375                                 686690400
    185.224.3.237      55391                                 682968000
   103.174.130.24      52383                                 170292000
   103.174.130.24                                            170292000
                               192.114.2.46                   65330400
  199.232.214.172         80                                  65328000
  199.232.214.172                                             65328000
                          80   192.114.2.46                   65312400
  199.232.214.172                                60480        54864000

Metric Info:
292k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-06-19 12:19:25
End Time: ongoing

First Event Seen: 2025-06-19 12:17:00
Last Event Seen: 2025-06-19 12:23:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376119/