[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376385 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Jun 24 07:06:55 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 7:06:49 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376385 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 376385
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
----------------------------------------------------
110643600 368812 16.8% 62.204.42.124
102466800 341556 15.6% 31.172.80.90
68569500 228565 10.4% 43.250.53.25
65304600 217682 9.9% 195.160.220.89
64725900 215753 9.9% 5.39.217.109
44834400 149448 6.8% 84.238.133.19
42573300 141911 6.5% 85.17.90.43
38557800 128526 5.9% 185.244.128.79
20863200 69544 3.2% 91.235.234.48
17951400 59838 2.7% 185.204.52.33
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
--------------------------------------------------
77400 258 0.0% 147.233.4.225
67200 224 0.0% 147.233.11.90
66600 222 0.0% 147.233.0.127
66000 220 0.0% 147.233.0.240
66000 220 0.0% 147.233.0.78
66000 220 0.0% 147.233.11.72
65700 219 0.0% 147.233.0.233
65400 218 0.0% 147.233.34.226
64800 216 0.0% 147.233.11.32
64500 215 0.0% 147.233.0.117
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
62.204.42.124 4868318400
31.172.80.90 4508539200
43.250.53.25 3017058000
195.160.220.89 2873402400
5.39.217.109 2847939600
84.238.133.19 1972713600
85.17.90.43 1873225200
185.244.128.79 1696543200
91.235.234.48 917980800
185.204.52.33 789861600
Metric Info:
5M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-06-24 04:01:28
End Time: ongoing
First Event Seen: 2025-06-24 03:59:00
Last Event Seen: 2025-06-24 04:05:00
Further Details:
https://primary.nemo.geant.org/alerts/details/376385/
More information about the Nemo-ddos-list
mailing list