[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #368011 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Wed Mar 19 08:44:38 IST 2025

________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, March 19, 2025 8:44:33 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #368011 CRIT: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 368011

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  29727000       99090        57.9%    194.180.49.46
   2890200        9634         5.6%    45.80.215.135
    989700        3299         1.9%   121.141.250.50
    553200        1844         1.1%    61.147.209.31
    537000        1790         1.0%    185.91.127.81
    456600        1522         0.9%     52.97.186.18
    418800        1396         0.8%   83.222.191.182
    405900        1353         0.8%   83.222.191.162
    309900        1033         0.6%    204.76.203.70
    274800         916         0.5%     20.54.76.163

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   495300        1651         1.0%     132.72.34.126
   104100         347         0.2%    199.232.82.172
    74100         247         0.1%   199.232.214.172
    73800         246         0.1%      132.76.61.54
    66000         220         0.1%      132.76.61.53
    56700         189         0.1%      192.114.5.10
    49200         164         0.1%     132.72.54.163
    46800         156         0.1%   192.114.105.254
    43200         144         0.1%    192.114.23.230
    36000         120         0.1%     132.65.240.60

Top-10 Possible Targets by Bytes:
          Src IP   Src Port          Dst IP   Dst Port   Sampled Count
--------------------------------------------------------------------
   194.180.49.46      45552                                 1189080000
   194.180.49.46                                            1189080000
                        443   132.72.34.126                  694591500
                              132.72.34.126                  694591500
    52.97.186.18        443                                  640456800
    52.97.186.18                                             640456800
    52.97.186.18                                 52364       640410000
                              132.72.34.126      52364       640410000
  199.232.82.172         80                                  125139000
  199.232.82.172                                             125139000

Metric Info:
236k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-19 06:29:17
End Time: ongoing

First Event Seen: 2025-03-19 06:27:00
Last Event Seen: 2025-03-19 06:43:00

Further Details:
https://primary.nemo.geant.org/alerts/details/368011/

