[NeMo-DDoS-List] FW: [Geant NeMo] Analysis for Alert #204236 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Hank Nussbacher hank at mail.iucc.ac.il
Sat May 3 18:14:18 IDT 2025




________________________________________
From: nemo-ddos at host.geant.org <nemo-ddos at host.geant.org>
Sent: Saturday, May 3, 2025 6:14:08 PM (UTC+02:00) Jerusalem
To: soc at geant.org
Subject: [Geant NeMo] Analysis for Alert #204236 WARN: IUCC (AS378) - [IUCC] [Email_Analysis] [Customer]

Please find the analysis details for the Alert ID: 204236

Top-10 Src IPs by Packets:
   Packets   Est. Rate   % of Total                     Src IP
-------------------------------------------------------------
  52400700      174669        12.6%   2a00:1450:4002:415::201b
  51502500      171675        12.4%   2a00:1450:4002:414::201b
  49142400      163808        11.8%   2a00:1450:4002:411::201b
  45433800      151446        10.9%   2a00:1450:4002:416::201b
   7689000       25630         1.9%               172.66.0.218
   7057500       23525         1.7%              216.58.205.59
   5660700       18869         1.4%             216.58.204.155
   5610900       18703         1.4%               3.164.182.30
   5601300       18671         1.3%             216.58.204.138
   5319900       17733         1.3%              216.58.205.42

Top-10 Dst IPs by Packets:
   Packets   Est. Rate   % of Total                 Dst IP
---------------------------------------------------------
  16849200       56164         4.1%    2001:bf8:900:d:1::a
  15241500       50805         3.7%   2001:bf8:900:d:1::14
  14656500       48855         3.5%   2001:bf8:900:d:1::11
  13550100       45167         3.3%         192.114.101.36
  13381500       44605         3.2%   2001:bf8:900:d:1::1d
  12774000       42580         3.1%   2001:bf8:900:d:1::1f
  12577500       41925         3.0%         192.114.101.27
  12085500       40285         2.9%   2001:bf8:900:d:1::f5
  11880600       39602         2.9%   2001:bf8:900:d:1::1a
  11799300       39331         2.8%   2001:bf8:900:d:1::2d

Top-10 Possible Targets by Bytes:
                    Src IP   Src Port                Dst IP   Dst Port   Sampled Count
------------------------------------------------------------------------------------
  2a00:1450:4002:415::201b        443                                      66600009900
  2a00:1450:4002:415::201b                                                 66600009900
  2a00:1450:4002:414::201b        443                                      65395351800
  2a00:1450:4002:414::201b                                                 65395351800
  2a00:1450:4002:411::201b        443                                      62478934800
  2a00:1450:4002:411::201b                                                 62478934800
  2a00:1450:4002:416::201b        443                                      57681919200
  2a00:1450:4002:416::201b                                                 57681919200
                                  443   2001:bf8:900:d:1::a                21406556700
                                        2001:bf8:900:d:1::a                21406556700

Metric Info:
2M ACK Packets/s

Alert Type:
time_window

Alert Description:
High ACK packet rate.

Start Time: 2025-05-03 15:10:37
End Time: ongoing

First Event Seen: 2025-05-03 15:07:00
Last Event Seen: 2025-05-03 15:12:00

Further Details:
https://secondary.nemo.geant.org/alerts/details/204236/

