[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #367209 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 12 19:20:25 IST 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, March 12, 2025 7:20:16 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #367209 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 367209

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                 Src IP
---------------------------------------------------------
  24922800       83076         6.0%        142.250.180.155
  22102500       73675         5.4%        142.251.143.123
  20376600       67922         4.9%        142.250.180.187
  20108100       67027         4.9%         216.58.204.251
  18332700       61109         4.4%         142.251.209.59
  18244800       60816         4.4%          216.58.205.59
  15421500       51405         3.7%         142.251.209.42
  12673200       42244         3.1%         142.251.209.27
  11904600       39682         2.9%   2001:bf8:900:d:2::71
  11142000       37140         2.7%          34.104.35.123

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total            Dst IP
----------------------------------------------------
  60420600      201402        14.6%      132.76.221.9
  28500900       95003         6.9%    132.76.221.210
  27597600       91992         6.7%     132.76.220.85
  19858200       66194         4.8%      132.64.60.15
  19803300       66011         4.8%    132.76.221.145
  15873000       52910         3.8%      192.114.5.10
   9515100       31717         2.3%     132.66.37.140
   9417300       31391         2.3%      132.76.61.53
   9336300       31121         2.3%   128.139.225.244
   8819100       29397         2.1%      132.76.61.54

Top-10 Possible Targets by Bytes:
           Src IP   Src Port           Dst IP   Dst Port   Sampled Count
----------------------------------------------------------------------
                         443     132.76.221.9                86694256200
                                 132.76.221.9                86694256200
                         443   132.76.221.210                40774584600
                               132.76.221.210                40774584600
                         443    132.76.220.85                39578577900
                                132.76.220.85                39578577900
  142.250.180.155        443                                 35505411900
  142.250.180.155                                            35505411900
  142.251.143.123        443                                 31752755400
  142.251.143.123                                            31752755400

Metric Info:
1M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate

Start Time: 2025-03-12 17:12:05
End Time: ongoing

First Event Seen: 2025-03-12 17:09:00
Last Event Seen: 2025-03-12 17:16:00

Further Details:
https://primary.nemo.geant.org/alerts/details/367209/

More information about the Nemo-ddos-list mailing list