DoS Host Alert 84961

1) A DoS attack targeting 198.108.67.16 was detected from 09:16 to 09:50 with a maximum impact of 8.4 Mbps.
2) The attack consisted primarily of TCP SYN packets originating from IP addresses in Russia.
3) The target ports were HTTP (80) and HTTPS (443).


Tue 20 Aug 2019 13:42:58 UTC

DoS Host Alert 84961

Duration: Aug 20 09:16 - 09:50 (0:34)

Details
Period: Alert Timeframe
Units: bps
View: Network Boundary

Summary
Severity Level: High
Max Severity Percent: 205.0% of 10 Kpps
Max Impact of Alert Traffic: 8.4 Mbps / 20.5 Kpps
Direction: Incoming
Misuse Types: TCP SYN, TCP RST
Managed Object: Michnet1
Target: 198.108.67.16
Top Misuse Type: TCP SYN at Managed Object Boundary

Alert Traffic (chart; * = Misuse Types Exceeding Trigger Rate)
Series: All Alert Traffic, TCP SYN *, TCP RST *
Y-axis: 0.00 pps to 25.88 Kpps
X-axis: 09:16:00 to 09:50:00

Alert Characterization
Misuse Types: TCP SYN (5) 82.47%
Source IP Addresses: Highly Distributed 100.00%
Destination IP Addresses: 198.108.67.16/32 100.00%
Protocols: tcp (6) 100.00%
Source TCP Ports: 1024-65535 (Dynamic) 99.58%
Destination TCP Ports: 80 (www-http) 63.27%; 443 (https) 36.30%
Source Countries: Russian Federation 72.86%
Destination ASNs: NULL (0) 100.00%
TCP Flags: S (Synchronize) 82.47%

Packet Size Distribution (histogram)
Buckets (bytes): 0-150, 151-300, 301-450, 451-600, 601-750, 751-900, 901-1050, 1051-1200, 1201-1350, 1351-1500, jumboframes
X-axis: 0 to 33.58M packets

Top Traffic Patterns (last 5 min of selected timeframe)

No patterns found in the last 5 minutes of the selected timeframe.

page 1 of 5
Traffic Details

Top 5 for Each Traffic Statistic

Source IP Addresses
Highly Distributed 15.99 Kpps 100.00%
178.0.0.0/8 233.00 pps 1.46%
95.71.176.4/32 194.00 pps 1.21%
46.0.0.0/8 108.00 pps 0.68%
95.46.145.104/32 104.00 pps 0.65%

Destination IP Addresses
198.108.67.16/32 15.99 Kpps 100.00%

Source TCP Ports
1024-65535 Dynamic 15.92 Kpps 99.58%
80 www-http 58.00 pps 0.36%
53836 2.00 pps 0.01%
65095 1.00 pps 0.01%
62022 1.00 pps 0.01%

page 2 of 5
Destination TCP Ports
80 www-http 10.12 Kpps 63.27%
443 https 5.80 Kpps 36.30%
8968 0.00 pps
53481 0.00 pps
55602 0.00 pps

Source UDP Ports
No items available.

Destination UDP Ports
No items available.

Source ASNs
12389 ROSTELECOM 3.83 Kpps 23.98%
6697 BELPAK 594.00 pps 3.72%
8402 CORBINA 360.00 pps 2.25%
15895 KSNET 229.00 pps 1.43%
28812 JSCBIS 217.00 pps 1.36%

page 3 of 5
Destination ASNs
0 NULL 15.99 Kpps 100.00%

Source Countries
Russian Federation 11.65 Kpps 72.86%
Ukraine 2.83 Kpps 17.71%
Belarus 642.00 pps 4.02%
Kazakhstan 375.00 pps 2.35%
Unknown 88.00 pps 0.55%

Protocols
tcp 15.99 Kpps 100.00%

TCP Flags
S Synchronize 13.19 Kpps 82.47%
AR Acknowledgement, Reset 2.27 Kpps 14.21%
R Reset 530.00 pps 3.31%

page 4 of 5
ICMP Types
No items available.

Misuse Types
TCP SYN 13.19 Kpps 82.47%
TCP RST 2.80 Kpps 17.53%

Routers

Router: wsu5 (2 interfaces)
Severity: High
Avg Packet Size: 49
Max Observed: 10.1 Mbps / 25.5 Kpps
Average Observed: 6.2 Mbps / 15.7 Kpps

Interface: ae3.28 (WSU5-to-SFLD-COR-123NET-MPLS-BIN-PTP)
Interface Direction: OUT
Interface Boundary: not listed
Interface ASNs: not listed
Avg Packet Size: 49
Max Observed: 10.1 Mbps / 25.5 Kpps
Average Observed: 6.2 Mbps / 15.7 Kpps

Interface: et-5/1/0.0 (AT&T-MIS 100GE;/L8YX/958242//ATI/ (LR4,TX=0,RX=0, DTRT-WSUCC-PD3))
Interface Direction: IN
Interface Boundary: Network
Interface ASNs: 7018
Avg Packet Size: 49
Max Observed: 10.1 Mbps / 25.5 Kpps
Average Observed: 6.2 Mbps / 15.7 Kpps

Annotations

Alert Classification None

The "TCP SYN" host alert signature severity rate configured for "Michnet1" has been exceeded for 3 minutes, changing Severity Level from medium to high (expected rate: 10.00 Kpps, observed rate: 15.67 Kpps) (boundary: managed object)

auto-annotation on Tue Aug 20 9:18:45

The "TCP SYN" host alert signature severity rate configured for "Michnet1" has been exceeded, changing Severity Level from low to medium (expected rate: 10.00 Kpps, observed rate: 11.21 Kpps)

auto-annotation on Tue Aug 20 9:16:45

The "TCP RST" host alert signature has been triggered at router "wsu5". (expected rate: 2.50 Kpps, observed rate: 2.69 Kpps)

auto-annotation on Tue Aug 20 9:16:45

The "TCP SYN" host alert signature has been triggered at router "wsu5". (expected rate: 2.50 Kpps, observed rate: 11.21 Kpps)

auto-annotation on Tue Aug 20 9:16:45

For assistance with this product, please contact support at https://support.arbornetworks.com

page 5 of 5