[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #366677 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Sat Mar 8 23:29:28 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, March 8, 2025 11:29:23 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #366677 WARN: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 366677

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total            Src IP
----------------------------------------------------
  66002100      220007        79.3%     83.222.191.62
    962100        3207         1.2%   118.123.105.105
    827100        2757         1.0%   128.203.204.103
    357600        1192         0.4%    132.74.189.143
    318900        1063         0.4%     204.76.203.70
    299400         998         0.4%     185.91.127.81
    268200         894         0.3%     37.75.245.226
    255000         850         0.3%     154.81.156.10
    253200         844         0.3%    45.142.193.152
    223800         746         0.3%    193.41.206.156

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  64163700      213879        77.1%    132.74.189.143
    175800         586         0.2%       132.68.1.97
     95700         319         0.1%   128.139.225.244
     91200         304         0.1%      132.76.61.54
     74100         247         0.1%      132.76.61.53
     60600         202         0.1%      192.114.5.10
     53400         178         0.1%     104.22.49.147
     44400         148         0.1%     132.71.160.97
     35400         118         0.0%     132.65.240.60
     34800         116         0.0%       172.67.24.1

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                               132.74.189.143                 3859912200
                               132.74.189.143         80      3834732600
                          80   132.74.189.143                 3339612000
    83.222.191.62      59825                                  2640084000
    83.222.191.62                                             2640084000
  118.123.105.105                                   8032        50029200
  118.123.105.105                                               50029200
  128.203.204.103                                   5901        33084000
  128.203.204.103                                               33084000
   132.74.189.143                                               22017000

Metric Info:
1M SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-08 21:21:09
End Time: ongoing

First Event Seen: 2025-03-08 21:18:00
Last Event Seen: 2025-03-08 21:27:00

Further Details:
https://primary.nemo.geant.org/alerts/details/366677/