[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #367621 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Mar 16 09:14:18 IST 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, March 16, 2025 9:14:09 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #367621 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 367621
Top-10 Src IPs by Packets:
Packets     Est. Rate   % of Total   Src IP
---------------------------------------------------
26230800    87436       50.4%        194.180.49.46
1565100     5217        3.0%         45.142.193.152
1521000     5070        2.9%         45.80.215.135
984600      3282        1.9%         20.221.67.127
805500      2685        1.5%         172.172.245.62
623700      2079        1.2%         20.65.193.34
482700      1609        0.9%         83.222.191.130
439800      1466        0.8%         185.91.127.81
405900      1353        0.8%         196.251.84.218
390000      1300        0.7%         40.119.43.61
Top-10 Dst IPs by Packets:
Packets     Est. Rate   % of Total   Dst IP
---------------------------------------------------
92100       307         0.2%         132.76.61.54
88800       296         0.2%         132.76.61.53
78000       260         0.1%         192.114.5.10
54900       183         0.1%         192.114.105.254
39900       133         0.1%         132.70.66.11
38400       128         0.1%         128.139.197.119
30900       103         0.1%         192.114.23.221
30300       101         0.1%         132.70.66.9
28200       94          0.1%         132.65.240.60
27900       93          0.1%         132.70.66.14
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
----------------------------------------------------------------------
194.180.49.46 48698 1049232000
194.180.49.46 1049232000
45.142.193.152 32176 68864400
45.142.193.152 68864400
45.80.215.135 60840000
128.139.197.119 46168800
199.5.26.149 443 46150800
199.5.26.149 61745 46150800
199.5.26.149 46150800
443 128.139.197.119 46150800
Metric Info:
271k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-03-16 07:07:58
End Time: ongoing
First Event Seen: 2025-03-16 07:05:00
Last Event Seen: 2025-03-16 07:12:00
Further Details:
https://primary.nemo.geant.org/alerts/details/367621/