
DoS Host Alert 20353289 Fri 3 Jan 2020 00:11:12 IST

Duration: Jan 3 00:02 - Ongoing (0:08)

Period: Alert Timeframe Units: bps View: Network Boundary

Summary
Severity Level: High
Max Severity Percent: 160.0% of 45 Mbps
Max Impact of Alert Traffic: 72.0 Mbps/6.0 Kpps
Direction: Incoming
Misuse Types: Total Traffic, TCP ACK
Managed Object: PAN_India_Network
Target: 202.46.195.5

Top Misuse Type: Total Traffic at Managed Object Boundary

[Charts: "Alert Traffic" (series: Total Traffic) and "Misuse Types Exceeding Trigger Rate" (series: TCP ACK); y-axis in pps, x-axis time from 00:02:00 to 00:09:15]

Alert Characterization

Misuse Types               TCP ACK (16)                         100.00%
Misuse Types               Total Traffic (7)                    100.00%
Source IP Addresses        40.100.138.2/32                      99.36%
Destination IP Addresses   202.46.195.5/32                      100.00%
Protocols                  tcp (6)                              100.00%
Source TCP Ports           993 (imaps)                          99.36%
Destination TCP Ports      47466                                99.36%
Source Countries           United States                        99.36%
Source ASNs                MICROSOFT-CORP-MSN-AS-BLOCK (8075)   100.00%
Destination ASNs           CYQ (17453)                          100.00%
TCP Flags                  AP (Acknowledgement, Push)           99.36%

Packet Size Distribution

[Chart: packets per packet-size bucket (0-150, 151-300, 301-450, 451-600, 601-750, 751-900, 901-1050, 1051-1200, 1201-1350, 1351-1500, jumboframes); x-axis in packets, 0 to 1.57M]

Top Traffic Patterns (last 5 min of selected timeframe)

Source Protocol Flags Src Port Destination Dest Port Router Alert Traffic

1. 40.100.138.2/32 TCP AP 993 202.46.195.5/32 47466 mu-me01-icr04 6.00 Kpps

2. 40.100.138.2/32 TCP AP 993 202.46.195.5/32 47466 mu-me01-icr03 3.83 Kpps

Traffic Details

Source Protocol Flags Src Port Destination Dest Port Router Alert Traffic

1. 40.100.138.2/32 TCP AP 993 202.46.195.5/32 47466 mu-me01-icr04 6.00 Kpps

2. 40.100.138.2/32 TCP AP 993 202.46.195.5/32 47466 mu-me01-icr03 3.83 Kpps

Top 5 for Each Traffic Statistic

Source IP Addresses
40.100.138.2/32 3.25 Kpps 99.36%
104.47.101.55/32 20.00 pps 0.61%

Destination IP Addresses
202.46.195.5/32 3.27 Kpps 100.00%

Source TCP Ports


993 imaps 3.25 Kpps 99.36%
24335 20.00 pps 0.61%

Destination TCP Ports
47466 3.25 Kpps 99.36%
25 smtp 20.00 pps 0.61%

Source UDP Ports


No items available.

Destination UDP Ports


No items available.

Source ASNs
8075 MICROSOFT-CORP-MSN-AS-BLOCK 3.27 Kpps 100.00%
Destination ASNs
17453 CYQ 3.27 Kpps 100.00%

Source Countries
United States 3.25 Kpps 99.36%
India 20.00 pps 0.61%

Protocols
tcp 3.27 Kpps 100.00%

TCP Flags
AP Acknowledgement, Push 3.25 Kpps 99.36%
A Acknowledgement 20.00 pps 0.61%

ICMP Types
No items available.

Misuse Types
TCP ACK 3.27 Kpps 100.00%
Total Traffic 3.27 Kpps 100.00%

Routers

Name (# Interfaces): mu-me01-icr03 (2)
  Severity: High
  Avg Packet Size: 1459
  Max Observed: 48.0 Mbps / 4.0 Kpps
  Average Observed: 15.3 Mbps / 1.3 Kpps

  Interface: ae77.0
    091MUMB030030845262+091MUMB030008944180/DVoiS_COMMUNICATIONS/Mumbai/STDILL
    Interface Direction: OUT
    Interface Boundary: Network
    Avg Packet Size: 1459
    Max Observed: 48.0 Mbps / 4.0 Kpps
    Average Observed: 15.3 Mbps / 1.3 Kpps

  Interface: ae221.101
    -AE-XC-IOR_438972-Connected-To-mu-me01-icr01-ae223-300G-Metric 1-1-
    Interface Direction: IN
    Avg Packet Size: 1459
    Max Observed: 48.0 Mbps / 4.0 Kpps
    Average Observed: 15.3 Mbps / 1.3 Kpps

Name (# Interfaces): mu-me01-icr04 (2)
  Severity: High
  Avg Packet Size: 1494
  Max Observed: 71.9 Mbps / 6.0 Kpps
  Average Observed: 16.2 Mbps / 1.4 Kpps

  Interface: ae6.0
    091MUMB030030821710/Microsoft/Mumbai/STDILL
    Interface Direction: IN
    Interface Boundary: Network
    Interface ASNs: 8075
    Avg Packet Size: 1494
    Max Observed: 71.9 Mbps / 6.0 Kpps
    Average Observed: 16.2 Mbps / 1.4 Kpps

  Interface: ae221.0
    -AE-XC-IOR_438982-Connected To-mu-me01-icr01-ae224-300G-Metric 1-;
    Interface Direction: OUT
    Avg Packet Size: 1494
    Max Observed: 71.9 Mbps / 6.0 Kpps
    Average Observed: 16.2 Mbps / 1.4 Kpps
Annotations

Alert Classification None

The "Total Traffic" host alert signature severity rate configured for "PAN_India_Network" has been exceeded for 2 minutes, changing Severity Level from medium to high (expected rate: 45.00 Mbps/11.00 Kpps, observed rate: 48.06 Mbps/4.00 Kpps)

auto-annotation on Fri Jan 3 0:04:45

The "Total Traffic" host alert signature severity rate configured for "PAN_India_Network" has been exceeded, changing Severity Level from low to medium (expected rate: 45.00 Mbps/11.00 Kpps, observed rate: 48.06 Mbps/4.00 Kpps)

auto-annotation on Fri Jan 3 0:02:45

The "TCP ACK" host alert signature has been triggered at router "mu-me01-icr03". (expected rate: 35.00 Mbps/9.00 Kpps, observed rate: 48.06 Mbps/4.00 Kpps)

auto-annotation on Fri Jan 3 0:02:45

The "Total Traffic" host alert signature has been triggered at router "mu-me01-icr03". (expected rate: 35.00 Mbps/9.00 Kpps, observed rate: 48.06 Mbps/4.00 Kpps)

auto-annotation on Fri Jan 3 0:02:45

For assistance with this product, please contact GSMC-DDoS.Protection@tatacommunications.com.
