[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #368494 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Hank Nussbacher
hank at mail.iucc.ac.il
Sun Mar 23 02:34:34 IST 2025
________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Sunday, March 23, 2025 2:34:25 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #368494 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]
Please find the analysis details for the Alert ID: 368494
Top-10 Src IPs by Packets:
Packets Est. Rate % of Total Src IP
---------------------------------------------------
2126100 7087 5.1% 104.152.52.109
2114700 7049 5.1% 104.152.52.230
2087100 6957 5.0% 104.152.52.160
2060100 6867 4.9% 104.152.52.103
1724100 5747 4.1% 185.242.226.44
1505700 5019 3.6% 45.80.215.135
1322700 4409 3.2% 104.152.52.212
1048200 3494 2.5% 104.152.52.114
1015500 3385 2.4% 104.152.52.234
987900 3293 2.4% 172.171.245.204
Top-10 Dst IPs by Packets:
Packets Est. Rate % of Total Dst IP
---------------------------------------------------
472200 1574 1.1% 132.68.74.52
175500 585 0.4% 132.76.230.97
168900 563 0.4% 132.70.166.104
69300 231 0.2% 132.66.148.35
49500 165 0.1% 132.76.61.54
45300 151 0.1% 132.68.147.103
38100 127 0.1% 132.76.61.53
36600 122 0.1% 132.65.240.60
32700 109 0.1% 128.139.225.245
32700 109 0.1% 192.114.52.12
Top-10 Possible Targets by Bytes:
Src IP Src Port Dst IP Dst Port Sampled Count
---------------------------------------------------------------------
199.232.210.172 80 98449200
199.232.210.172 98449200
199.232.210.172 49839 98406000
80 132.66.148.35 98406000
132.66.148.35 49839 98406000
132.66.148.35 98406000
104.152.52.109 49234 85044000
104.152.52.109 85044000
104.152.52.160 49123 83484000
104.152.52.160 83484000
Metric Info:
289k SYN Packets/s
Alert Type:
time_window
Alert Description:
High SYN packet rate
Start Time: 2025-03-23 00:22:14
End Time: ongoing
First Event Seen: 2025-03-23 00:20:00
Last Event Seen: 2025-03-23 00:33:00
Further Details:
https://primary.nemo.geant.org/alerts/details/368494/
More information about the Nemo-ddos-list
mailing list