[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #376395 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Jun 24 09:45:47 IDT 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, June 24, 2025 9:45:41 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #376395 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]
Please find the analysis details for the Alert ID: 376395
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
69804000 232680 21.5% 5.39.217.109
48517800 161726 14.9% 62.204.42.124
32303700 107679 9.9% 84.238.133.19
30028200 100094 9.2% 195.160.220.89
26297400 87658 8.1% 85.17.90.43
23973000 79910 7.4% 84.238.133.38
16798200 55994 5.2% 31.172.80.90
16149000 53830 5.0% 185.204.52.33
14914500 49715 4.6% 91.235.234.48
7276200 24254 2.2% 43.250.53.25
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
-------------------------------------------------
95400 318 0.0% 132.76.230.97
72300 241 0.0% 192.114.51.85
70800 236 0.0% 192.114.5.19
70500 235 0.0% 192.114.5.70
70200 234 0.0% 192.114.5.254
69600 232 0.0% 192.114.5.52
69300 231 0.0% 192.114.5.189
68700 229 0.0% 192.114.5.99
68100 227 0.0% 192.114.2.111
68100 227 0.0% 192.114.5.171
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
-------------------------------------------------------------
5.39.217.109 3071376000
62.204.42.124 2134783200
84.238.133.19 1421362800
195.160.220.89 1321240800
85.17.90.43 1157085600
84.238.133.38 1054812000
31.172.80.90 739120800
185.204.52.33 710556000
91.235.234.48 656238000
62.204.42.124 47044 372886800
Metric Info:
2M SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-06-24 06:40:23
End Time: ongoing
First Event Seen: 2025-06-24 06:38:00
Last Event Seen: 2025-06-24 06:44:00
Further Details:
https://primary.nemo.geant.org/alerts/details/376395/
More information about the Nemo-ddos-list
mailing list