[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #368887 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Wed Mar 26 01:03:39 IST 2025



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Wednesday, March 26, 2025 1:03:24 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #368887 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 368887

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total           Src IP
---------------------------------------------------
  11701800       39006        35.3%    193.200.78.21
   1038000        3460         3.1%    45.80.215.135
    997500        3325         3.0%     20.171.29.66
    795300        2651         2.4%    20.98.142.156
    637200        2124         1.9%      20.168.0.84
    562200        1874         1.7%     45.235.99.88
    561900        1873         1.7%   20.169.106.193
    452400        1508         1.4%   146.70.225.180
    397800        1326         1.2%    20.64.106.151
    392100        1307         1.2%     152.67.8.198

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total            Dst IP
---------------------------------------------------
   297000         990         0.9%    132.70.166.104
   281400         938         0.8%     132.76.230.97
   223800         746         0.7%     132.65.164.49
   141000         470         0.4%     132.66.238.77
   128100         427         0.4%   128.139.225.244
   118500         395         0.4%     192.114.52.14
    53100         177         0.2%        3.5.217.39
    48900         163         0.1%   192.114.110.136
    45600         152         0.1%   192.114.110.135
    44700         149         0.1%      132.76.61.54

Top-10 Possible Targets by Bytes:
           Src IP   Src Port          Dst IP   Dst Port   Sampled Count
---------------------------------------------------------------------
    193.200.78.21                                             468072000
    193.200.78.21      43235                                  347316000
      16.12.10.10        443                                  329007600
      16.12.10.10                                 38322       329007600
      16.12.10.10                                             329007600
                         443   132.65.164.49                  329007600
                               132.65.164.49      38322       329007600
                               132.65.164.49                  329007600
  199.232.210.172         80                                  202889400
  199.232.210.172                                             201307200

Metric Info:
148k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-25 22:56:22
End Time: ongoing

First Event Seen: 2025-03-25 22:53:00
Last Event Seen: 2025-03-25 23:02:00

Further Details:
https://primary.nemo.geant.org/alerts/details/368887/