[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #367234 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Thu Mar 13 03:09:33 IST 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Thursday, March 13, 2025 3:09:26 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #367234 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 367234

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  24610200       82034        49.7%    185.156.73.53
   3818700       12729         7.7%    31.220.80.156
   1538400        5128         3.1%    45.80.215.135
    529200        1764         1.1%     20.29.35.250
    373500        1245         0.8%   15.235.224.239
    372000        1240         0.8%   15.235.227.163
    361800        1206         0.7%    185.91.127.81
    354000        1180         0.7%   15.235.224.227
    345000        1150         0.7%   15.235.224.238
    339000        1130         0.7%    204.76.203.70

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   189600         632         0.4%    132.70.166.104
   170700         569         0.3%     132.76.230.97
    73200         244         0.1%    17.248.172.171
    45600         152         0.1%      132.68.107.1
    37800         126         0.1%     132.65.240.60
    36000         120         0.1%      132.76.61.54
    30300         101         0.1%      192.114.5.10
    30300         101         0.1%   128.139.225.244
    30000         100         0.1%      132.76.61.53
    24000          80         0.0%      132.68.60.21

Top-10 Possible Targets by Bytes:
          Src IP   Src Port   Dst IP   Dst Port   Sampled Count
-------------------------------------------------------------
   185.156.73.53      47575                           984408000
   185.156.73.53                                      984408000
   31.220.80.156      61234                           152748000
   31.220.80.156                                      152748000
   45.80.215.135                                       61536000
  52.216.184.243        443                            27394800
  52.216.184.243                          47858        27394800
  52.216.184.243                                       27394800
   16.182.103.41        443                            27394800
   16.182.103.41                          41152        27394800

Metric Info:
265k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-13 01:02:59
End Time: ongoing

First Event Seen: 2025-03-13 01:00:00
Last Event Seen: 2025-03-13 01:07:00

Further Details:
https://primary.nemo.geant.org/alerts/details/367234/

