[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376368 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Jun 24 04:01:38 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 4:01:32 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376368 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 376368
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
---------------------------------------------------
79270800    264236      20.7%        62.204.42.124
65403900    218013      17.1%        31.172.80.90
40888200    136294      10.7%        84.238.133.19
40134000    133780      10.5%        5.39.217.109
29088900    96963       7.6%         185.244.128.79
24716400    82388       6.5%         84.238.133.38
21953400    73178       5.7%         43.250.53.25
20853000    69510       5.4%         195.160.220.89
18274500    60915       4.8%         85.17.90.43
6244200     20814       1.6%         91.235.234.48
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
--------------------------------------------------
108900      363         0.0%         132.64.244.236
79800       266         0.0%         128.139.3.208
74700       249         0.0%         128.139.14.231
72900       243         0.0%         128.139.14.11
72300       241         0.0%         128.139.14.5
71700       239         0.0%         128.139.7.92
71400       238         0.0%         128.139.14.241
66900       223         0.0%         128.139.7.70
64800       216         0.0%         128.139.14.211
64200       214         0.0%         128.139.7.176
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
62.204.42.124 3487915200
31.172.80.90 2877771600
84.238.133.19 1799080800
5.39.217.109 1765896000
185.244.128.79 1279911600
84.238.133.38 1087521600
43.250.53.25 965949600
195.160.220.89 917532000
85.17.90.43 804078000
62.204.42.124 46432 725168400
Metric Info:
5M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-06-24 00:56:19
End Time: ongoing
First Event Seen: 2025-06-24 00:54:00
Last Event Seen: 2025-06-24 01:00:00
Further Details:
https://primary.nemo.geant.org/alerts/details/376368/