[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #369091 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Hank Nussbacher hank at mail.iucc.ac.il
Fri Mar 28 11:40:24 IDT 2025 



________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Friday, March 28, 2025 11:40:12 AM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #369091 WARN: IUCC (AS378) - [Email_Analysis] [Customer] [IUCC]

Please find the analysis details for the Alert ID: 369091

Top-10 Src IPs by Packets:
  Packets   Est. Rate   % of Total           Src IP
--------------------------------------------------
  2884800        9616         6.6%   104.152.52.219
  2737200        9124         6.3%     185.7.214.66
  2720100        9067         6.2%     92.255.57.94
  2704500        9015         6.2%     92.255.57.96
  2700600        9002         6.2%     92.255.57.91
  2094000        6980         4.8%   104.152.52.204
  2065200        6884         4.7%   104.152.52.194
  1323600        4412         3.0%   104.152.52.111
  1042800        3476         2.4%   104.152.52.160
  1041600        3472         2.4%   104.152.52.115

Top-10 Dst IPs by Packets:
  Packets   Est. Rate   % of Total                               Dst IP
----------------------------------------------------------------------
   524100        1747         1.2%   2001:18e8:c02:5:8616:cff:fe7b:fd40
    68700         229         0.2%                       132.70.166.104
    67200         224         0.2%                        104.16.98.215
    61500         205         0.1%                        132.76.230.97
    61200         204         0.1%                        132.72.67.106
    57300         191         0.1%                        132.68.209.98
    56700         189         0.1%                       54.230.112.123
    50700         169         0.1%                         192.114.5.10
    48900         163         0.1%                        132.75.176.28
    47700         159         0.1%                         132.76.61.54

Top-10 Possible Targets by Bytes:
                Src IP   Src Port                               Dst IP   Dst Port   Sampled Count
-----------------------------------------------------------------------------------------------
  2001:bf8:900:d:2::71       8443                                                       785485800
  2001:bf8:900:d:2::71                                                      41352       785485800
  2001:bf8:900:d:2::71                                                                  785485800
                             8443   2001:18e8:c02:5:8616:cff:fe7b:fd40                  785485800
                                    2001:18e8:c02:5:8616:cff:fe7b:fd40      41352       785485800
                                    2001:18e8:c02:5:8616:cff:fe7b:fd40                  785485800
        104.152.52.219                                                                  109848000
          185.7.214.66      51642                                                       109488000
          185.7.214.66                                                                  109488000
          92.255.57.94      51691                                                       108804000

Metric Info:
356k SYN Packets/s

Alert Type:
time_window

Alert Description:
High SYN packet rate

Start Time: 2025-03-28 08:28:50
End Time: ongoing

First Event Seen: 2025-03-28 08:26:00
Last Event Seen: 2025-03-28 08:38:00

Further Details:
https://primary.nemo.geant.org/alerts/details/369091/

More information about the Nemo-ddos-list mailing list