[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376385 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Jun 24 07:06:55 IDT 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 7:06:49 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376385 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 376385

Top-10 Src IPs by Packets:
    Packets   Est. Rate   % of Total           Src IP
----------------------------------------------------
  110643600      368812        16.8%    62.204.42.124
  102466800      341556        15.6%     31.172.80.90
   68569500      228565        10.4%     43.250.53.25
   65304600      217682         9.9%   195.160.220.89
   64725900      215753         9.9%     5.39.217.109
   44834400      149448         6.8%    84.238.133.19
   42573300      141911         6.5%      85.17.90.43
   38557800      128526         5.9%   185.244.128.79
   20863200       69544         3.2%    91.235.234.48
   17951400       59838         2.7%    185.204.52.33

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
    77400         258         0.0%    147.233.4.225
    67200         224         0.0%    147.233.11.90
    66600         222         0.0%    147.233.0.127
    66000         220         0.0%    147.233.0.240
    66000         220         0.0%     147.233.0.78
    66000         220         0.0%    147.233.11.72
    65700         219         0.0%    147.233.0.233
    65400         218         0.0%   147.233.34.226
    64800         216         0.0%    147.233.11.32
    64500         215         0.0%    147.233.0.117

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
   62.204.42.124                                     4868318400
    31.172.80.90                                     4508539200
    43.250.53.25                                     3017058000
  195.160.220.89                                     2873402400
    5.39.217.109                                     2847939600
   84.238.133.19                                     1972713600
     85.17.90.43                                     1873225200
  185.244.128.79                                     1696543200
   91.235.234.48                                      917980800
   185.204.52.33                                      789861600

Metric Info:
5M SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-06-24 04:01:28
End Time: ongoing

First Event Seen: 2025-06-24 03:59:00
Last Event Seen: 2025-06-24 04:05:00

Further Details:
https://primary.nemo.geant.org/alerts/details/376385/


More information about the Nemo-ddos-list mailing list