[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #365959 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Hank Nussbacher
hank at mail.iucc.ac.il
Tue Mar 4 05:52:07 IST 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, March 4, 2025 5:52:00 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #365959 WARN: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]
Please find the analysis details for the Alert ID: 365959
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
---------------------------------------------------
27108300    90361       58.1%        83.222.191.62
1012200     3374        2.2%         185.242.226.49
522000      1740        1.1%         185.91.127.81
468900      1563        1.0%         193.68.89.10
467700      1559        1.0%         45.142.193.71
442500      1475        0.9%         20.84.145.169
381600      1272        0.8%         15.235.227.163
360000      1200        0.8%         15.235.224.227
350700      1169        0.8%         15.235.224.238
336600      1122        0.7%         15.235.224.239
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
--------------------------------------------------
60600       202         0.1%         132.68.133.130
45900       153         0.1%         104.22.48.147
40800       136         0.1%         132.65.240.60
34200       114         0.1%         132.71.160.97
33900       113         0.1%         192.114.5.10
33000       110         0.1%         132.76.61.54
30300       101         0.1%         132.76.61.53
28200       94          0.1%         192.114.1.187
17100       57          0.0%         104.22.49.147
16800       56          0.0%         132.72.6.1
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------
83.222.191.62 59825 1084332000
83.222.191.62 1084332000
443 132.68.133.130 90175800
132.68.133.130 90175800
23.246.51.133 443 46075800
23.246.51.133 53675 46075800
23.246.51.133 46075800
132.68.133.130 53675 46075800
185.242.226.49 5083 44536800
185.242.226.49 44536800
Metric Info:
294k SYN Packets/s, 394k ACK Packets/s
Alert Type:
time_window
Alert Description:
Abnormal SYN:ACK packet ratio
Start Time: 2025-03-04 03:45:49
End Time: ongoing
First Event Seen: 2025-03-04 03:43:00
Last Event Seen: 2025-03-04 03:50:00
Further Details:
https://primary.nemo.geant.org/alerts/details/365959/