[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #365960 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Hank Nussbacher hank at mail.iucc.ac.il
Tue Mar 4 06:02:08 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, March 4, 2025 6:02:02 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #365960 CRIT: IUCC (AS378) - [Customer] [IUCC] [Email_Analysis]

Please find the analysis details for the Alert ID: 365960

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  38217900      127393        65.6%    83.222.191.62
   1012200        3374         1.7%   185.242.226.49
    645000        2150         1.1%    20.84.145.169
    529800        1766         0.9%    45.142.193.71
    525600        1752         0.9%    185.91.127.81
    470100        1567         0.8%     193.68.89.10
    396300        1321         0.7%   15.235.227.163
    388800        1296         0.7%   15.235.224.227
    373800        1246         0.6%   15.235.224.238
    341100        1137         0.6%   15.235.224.239

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
    53400         178         0.1%   132.68.133.130
    48000         160         0.1%    104.22.48.147
    42300         141         0.1%    132.65.240.60
    34800         116         0.1%     132.76.61.54
    34200         114         0.1%     192.114.5.10
    33900         113         0.1%    132.71.160.97
    31200         104         0.1%     132.76.61.53
    26400          88         0.0%    192.114.1.187
    18000          60         0.0%       132.72.6.1
    16500          55         0.0%    104.22.49.147

Top-10 Possible Targets by Bytes:
          Src IP   Src Port           Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
   83.222.191.62      59825                                  1528716000
   83.222.191.62                                             1528716000
                        443   132.68.133.130                   79375800
                              132.68.133.130                   79375800
   23.246.51.133        443                                    63625800
   23.246.51.133                                  53675        63625800
   23.246.51.133                                               63625800
                              132.68.133.130      53675        63625800
  185.242.226.49                                   5083        44536800
  185.242.226.49                                               44536800

Metric Info:
267k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-04 03:46:48
End Time: ongoing

First Event Seen: 2025-03-04 03:44:00
Last Event Seen: 2025-03-04 04:00:00

Further Details:
https://primary.nemo.geant.org/alerts/details/365960/

