[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #365829 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Mon Mar 3 13:20:23 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Monday, March 3, 2025 1:20:12 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #365829 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 365829

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  29576100       98587        59.5%    194.180.49.46
    487800        1626         1.0%    185.91.127.81
    417600        1392         0.8%     193.68.89.10
    372600        1242         0.8%   15.235.227.163
    361500        1205         0.7%   15.235.224.227
    349500        1165         0.7%    204.76.203.70
    342900        1143         0.7%     193.68.89.51
    322200        1074         0.6%    141.98.11.128
    289500         965         0.6%   193.41.206.156
    276300         921         0.6%    144.202.82.88

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   170700         569         0.3%   151.101.128.223
   143400         478         0.3%      192.114.5.10
   113700         379         0.2%      132.76.61.54
   106500         355         0.2%      132.76.61.53
    96000         320         0.2%    132.70.166.104
    88500         295         0.2%     132.76.230.97
    84900         283         0.2%   192.114.105.254
    71700         239         0.1%      132.64.81.16
    54300         181         0.1%   128.139.225.244
    45600         152         0.1%    192.114.91.248

Top-10 Possible Targets by Bytes:
           Src IP   Src Port         Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
    194.180.49.46      59687                                1183044000
    194.180.49.46                                           1183044000
    162.125.69.12        443                                 106677600
    162.125.69.12                                63615       106677600
    162.125.69.12                                            106677600
                         443   132.64.81.16                  106677600
                               132.64.81.16      63615       106677600
                               132.64.81.16                  106677600
  199.232.214.172         80                                  95566800
  199.232.214.172                                             95566800

Metric Info:
249k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-03 11:04:54
End Time: ongoing

First Event Seen: 2025-03-03 11:02:00
Last Event Seen: 2025-03-03 11:18:00

Further Details:
https://primary.nemo.geant.org/alerts/details/365829/

More information about the Nemo-ddos-list mailing list