DoS Host Alert 84961
Summary
Severity Level: High
Max Severity Percent: 205.0% of 10 Kpps
Max Impact of Alert Traffic: 8.4 Mbps/20.5 Kpps
Direction: Incoming
Misuse Types: TCP SYN, TCP RST
Managed Object: Michnet1
Target: 198.108.67.16
Top Misuse Type: TCP SYN at Managed Object Boundary
[Chart: packet rate over time, y-axis 0.00 pps to 15.00 Kpps, x-axis 09:16:00 to 09:50:00]
Traffic Details
Source IP Addresses
Highly Distributed 15.99 Kpps 100.00%
178.0.0.0/8 233.00 pps 1.46%
95.71.176.4/32 194.00 pps 1.21%
46.0.0.0/8 108.00 pps 0.68%
95.46.145.104/32 104.00 pps 0.65%
Destination IP Addresses
198.108.67.16/32 15.99 Kpps 100.00%
Destination TCP Ports
80 www-http 10.12 Kpps 63.27%
443 https 5.80 Kpps 36.30%
8968 0.00 pps
53481 0.00 pps
55602 0.00 pps
Source ASNs
12389 ROSTELECOM 3.83 Kpps 23.98%
6697 BELPAK 594.00 pps 3.72%
8402 CORBINA 360.00 pps 2.25%
15895 KSNET 229.00 pps 1.43%
28812 JSCBIS 217.00 pps 1.36%
Destination ASNs
0 NULL 15.99 Kpps 100.00%
Source Countries
Russian Federation 11.65 Kpps 72.86%
Ukraine 2.83 Kpps 17.71%
Belarus 642.00 pps 4.02%
Kazakhstan 375.00 pps 2.35%
Unknown 88.00 pps 0.55%
Protocols
tcp 15.99 Kpps 100.00%
TCP Flags
S Synchronize 13.19 Kpps 82.47%
AR Acknowledgement, Reset 2.27 Kpps 14.21%
R Reset 530.00 pps 3.31%
ICMP Types
No items available.
Misuse Types
TCP SYN 13.19 Kpps 82.47%
TCP RST 2.80 Kpps 17.53%
Routers
Router wsu5 (2 interfaces)
Severity: High
Interface Direction: -
Interface Boundary: -
Interface ASNs: -
Avg Packet Size: 49
Max Observed: 10.1 Mbps / 25.5 Kpps
Average Observed: 6.2 Mbps / 15.7 Kpps

Interface ae3.28
Description: WSU5-to-SFLD-COR-123NET-MPLS-BIN-PTP
Interface Direction: OUT
Avg Packet Size: 49
Max Observed: 10.1 Mbps / 25.5 Kpps
Average Observed: 6.2 Mbps / 15.7 Kpps

Interface et-5/1/0.0
Description: AT&T-MIS 100GE;/L8YX/958242//ATI/ (LR4,TX=0,RX=0, DTRT-WSUCC-PD3)
Interface Direction: IN
Interface Boundary: Network
Interface ASNs: 7018
Avg Packet Size: 49
Max Observed: 10.1 Mbps / 25.5 Kpps
Average Observed: 6.2 Mbps / 15.7 Kpps
Annotations
The "TCP SYN" host alert signature severity rate configured for "Michnet1" has been exceeded for 3 minutes, changing Severity Level from medium to high (expected rate: 10.00 Kpps, observed rate: 15.67 Kpps) (boundary: managed object)
The "TCP SYN" host alert signature severity rate configured for "Michnet1" has been exceeded, changing Severity Level from low to medium (expected rate: 10.00 Kpps, observed rate: 11.21 Kpps)
The "TCP RST" host alert signature has been triggered at router "wsu5". (expected rate: 2.50 Kpps, observed rate: 2.69 Kpps)
The "TCP SYN" host alert signature has been triggered at router "wsu5". (expected rate: 2.50 Kpps, observed rate: 11.21 Kpps)