[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #366981 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Tue Mar 11 00:45:26 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Tuesday, March 11, 2025 12:45:19 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #366981 CRIT: IUCC (AS378) - [Customer] [Email_Analysis] [IUCC]

Please find the analysis details for the Alert ID: 366981

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  27339600       91132        54.4%   185.156.109.45
   1549200        5164         3.1%    45.80.215.135
    864300        2881         1.7%     13.89.125.31
    792600        2642         1.6%     20.98.141.43
    753600        2512         1.5%      46.17.96.38
    648000        2160         1.3%   128.203.203.11
    578400        1928         1.1%     80.75.221.38
    574800        1916         1.1%   83.222.191.130
    498900        1663         1.0%    185.242.226.4
    381600        1272         0.8%   15.235.227.163

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total           Dst IP
--------------------------------------------------
   301500        1005         0.6%    132.76.230.97
   283500         945         0.6%   132.70.166.104
    79500         265         0.2%    128.139.0.115
    76200         254         0.2%    128.139.0.193
    75600         252         0.2%    128.139.0.195
    72900         243         0.1%    128.139.0.230
    71700         239         0.1%     128.139.0.37
    71100         237         0.1%      128.139.0.3
    69600         232         0.1%    128.139.0.119
    69300         231         0.1%     128.139.0.63

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
  185.156.109.45                                     1202942400
  185.156.109.45      45640                           372411600
  185.156.109.45      45624                           367184400
  185.156.109.45      45766                           231752400
  185.156.109.45      45782                           231594000
   45.80.215.135                                       61968000
    80.75.221.38       7777                            45910200
    80.75.221.38                                       45910200
    13.89.125.31                          11740        34572000
    13.89.125.31                                       34572000

Metric Info:
213k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-10 22:30:07
End Time: ongoing

First Event Seen: 2025-03-10 22:27:00
Last Event Seen: 2025-03-10 22:43:00

Further Details:
https://primary.nemo.geant.org/alerts/details/366981/