Scribd
Upload
100 views6 pages

All Alerts

The JSON contains alerts from a NETSCOUT Arbor Sightline system. It shows multiple DoS alerts related to IP fragmentation across several time periods. The alerts indicate possible attacks involving high levels of IP fragmentation traffic.

Uploaded by

Alexis Salcedo Cieza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
100 views6 pages

All Alerts

The JSON contains alerts from a NETSCOUT Arbor Sightline system. It shows multiple DoS alerts related to IP fragmentation across several time periods. The alerts indicate possible attacks involving high levels of IP fragmentation traffic.

Uploaded by

Alexis Salcedo Cieza
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

®

NETSCOUT | Arbor Sightline : All Alerts



Mon 20 Jul 2020 00:01:16 UTC

100 results (0.60 seconds)

ID  Max Impact Importance Alert Start Time Classification & Annotations

DoS Host Alert Possible Attack


Low Outgoing Host Alert from 186.27.81.16 The "IP Fragmentation" host alert signature has been
195846 48.0% of 10 Kpps using Gtt Jul 19 23:58 - Ongoing (0:03) triggered at router "rMPLSPolo1BR02". (expected rate:
44.0 Mbps, 4.8 Kpps Misuse Types: 2.50 Kpps, observed rate: 4.13 Kpps) (by auto-
IP Fragmentation annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
High Incoming Host Alert to 186.27.81.16
configured for "Nuevatel_IPv4" has been exceeded for 3
195845 584.0% of 10 Kpps using Nuevatel_IPv4 Jul 19 23:58 - Ongoing (0:03)
minutes, changing Severity Level from medium to high
986.1 Mbps, 95.9 Kpps Misuse Types:
(expected rate: 10.00 Kpps, observed rate: 58.44 Kpps)
IP Fragmentation, UDP, DNS Amplification
(boundary: managed object) (by auto-annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
High Outgoing Host Alert from 181.188.165.38
configured for "Teliasonera" has been exceeded for 3
195844 205.0% of 10 Kpps using Teliasonera Jul 19 23:55 - Ongoing (0:06)
minutes, changing Severity Level from medium to high
206.8 Mbps, 20.5 Kpps Misuse Types:
(expected rate: 10.00 Kpps, observed rate: 17.79 Kpps)
IP Fragmentation
(by auto-annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
High Incoming Host Alert to 181.188.165.38
configured for "Nuevatel_IPv4" has been exceeded for 3
195843 587.0% of 10 Kpps using Nuevatel_IPv4 Jul 19 23:55 - Ongoing (0:06)
minutes, changing Severity Level from medium to high
1.0 Gbps, 97.2 Kpps Misuse Types:
(expected rate: 10.00 Kpps, observed rate: 58.72 Kpps)
IP Fragmentation, UDP, DNS Amplification
(boundary: managed object) (by auto-annotation)
Possible Attack
DoS Host Alert
The "TCP ACK" host alert signature severity rate
High Outgoing Host Alert from 200.108.110.126
configured for "Firewall_CLARO" has been exceeded,
195842 257.0% of 80 Mbps using Firewall_CLARO Jul 19 23:47 - 23:52 (0:05)
changing Severity Level from low to high (expected rate:
205.3 Mbps, 18.7 Kpps Misuse Types:
80.00 Mbps/30.00 Kpps, observed rate: 205.31 Mbps/
TCP ACK
18.70 Kpps) (by auto-annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Outgoing Host Alert from 181.188.165.38
configured for "Teliasonera" has been exceeded,
195841 108.0% of 10 Kpps using Teliasonera Jul 19 23:43 - 23:48 (0:05)
changing Severity Level from low to medium (expected
110.3 Mbps, 10.8 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 10.79 Kpps) (by auto-
IP Fragmentation
annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 181.188.165.38
configured for "Nuevatel_IPv4" has been exceeded,
195840 385.0% of 10 Kpps using Nuevatel_IPv4 Jul 19 23:42 - 23:48 (0:06)
changing Severity Level from low to medium (expected
654.7 Mbps, 63.0 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 38.50 Kpps) (by auto-
IP Fragmentation, UDP, DNS Amplification
annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 76.241.36.247 The "IP Fragmentation" host alert signature has been
195839 52.0% of 10 Kpps using Teliasonera Jul 19 23:33 - 23:40 (0:07) triggered at router "rMPLSPolo1BR02". (expected rate:
53.6 Mbps, 5.2 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.38 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195838 57.0% of 10 Kpps using Teliasonera Jul 19 23:30 - 23:53 (0:23)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
2.7 Mbps, 5.7 Kpps Misuse Types:
observed rate: 2.52 Kpps) (by auto-annotation)
TCP SYN, TCP RST
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.38.148.13 The "IP Fragmentation" host alert signature has been
195837 32.0% of 10 Kpps using Teliasonera Jul 19 23:25 - 23:30 (0:05) triggered at router "rMPLSPolo1BR02". (expected rate:
31.5 Mbps, 3.2 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.17 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195836 39.0% of 10 Kpps using Teliasonera Jul 19 23:24 - 23:29 (0:05)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
1.9 Mbps, 3.2 Kpps Misuse Types:
observed rate: 3.23 Kpps) (by auto-annotation)
TCP SYN
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 179.6.57.85
configured for "HFC_CGN_TACNA_1" has been exceeded,
195835 429.0% of 10 Kpps using HFC_CGN_TACNA_1 Jul 19 23:23 - 23:28 (0:05)
changing Severity Level from low to medium (expected
697.6 Mbps, 68.5 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 42.86 Kpps) (by auto-
IP Fragmentation, UDP
annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.44.76.150 The "IP Fragmentation" host alert signature has been
195834 56.0% of 10 Kpps using Teliasonera Jul 19 23:13 - 23:19 (0:06) triggered at router "rMPLSPolo1BR02". (expected rate:
57.5 Mbps, 5.6 Kpps Misuse Types: 2.50 Kpps, observed rate: 4.08 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert Possible Attack
Low Incoming Host Alert to 179.6.222.205 The "IP Fragmentation" host alert signature has been
195833 39.0% of 10 Kpps using HFC CGN Polo1 - Huawei Jul 19 23:00 - 23:09 (0:09) triggered at router "rMPLSPolo1BR02". (expected rate:
2.1 Mbps, 3.9 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.08 Kpps) (by auto-
IP Fragmentation annotation)

BGP Instability
Too many BGP updates (max. per 5 min.): Jul 19 22:55 - 22:55 (Less than 1
195832 Medium None
Router:rMPLSPolo1BR02 minute)
Updates:5794

BGP Instability
Too many BGP updates (max. per 5 min.):
195831 Medium Jul 19 22:45 - 22:55 (0:10) None
Router:rMPLSVillaSalvadorBR01
Updates:8970

DoS Host Alert


Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195830 51.0% of 10 Kpps using Teliasonera Jul 19 22:40 - 23:06 (0:26)
router "rMPLSVillaSalvadorBR01". (expected rate: 2.50
3.0 Mbps, 5.1 Kpps Misuse Types:
Kpps, observed rate: 2.67 Kpps) (by auto-annotation)
TCP SYN, TCP RST
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Outgoing Host Alert from 181.188.165.38
configured for "Teliasonera" has been exceeded,
195829 228.0% of 10 Kpps using Teliasonera Jul 19 22:37 - 22:50 (0:13)
changing Severity Level from low to medium (expected
229.0 Mbps, 22.8 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 20.70 Kpps) (by auto-
IP Fragmentation
annotation)

page 1 of 6
DoS Host Alert Possible Attack
High Incoming Host Alert to 181.188.165.38 The "DNS Amplification" host alert signature has been
195828 716.0% of 10 Kpps using Nuevatel_IPv4 Jul 19 22:33 - 22:50 (0:17) triggered at router "rMPLSPolo1BR02". (expected rate:
1.2 Gbps, 112.3 Kpps Misuse Types: 200.00 Mbps/30.00 Kpps, observed rate: 210.02 Mbps/
IP Fragmentation, UDP, DNS Amplification, CLDAP Amplification 18.04 Kpps) (by auto-annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 103.95.221.8 The "IP Fragmentation" host alert signature has been
195827 42.0% of 10 Kpps using Teliasonera Jul 19 22:25 - 22:37 (0:12) triggered at router "rMPLSPolo1BR02". (expected rate:
42.5 Mbps, 4.2 Kpps Misuse Types: 2.50 Kpps, observed rate: 4.18 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195826 46.0% of 10 Kpps using Teliasonera Jul 19 22:24 - 22:38 (0:14)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
2.2 Mbps, 4.6 Kpps Misuse Types:
observed rate: 2.57 Kpps) (by auto-annotation)
TCP SYN, TCP RST
Possible Attack
DoS Host Alert The "IP Fragmentation" host alert signature severity rate
High Incoming Host Alert to 190.113.215.99 configured for "MOVIL_CGN_Arequipa" has been
195825 498.0% of 10 Kpps using MOVIL_CGN_Arequipa Jul 19 22:13 - 22:22 (0:09) exceeded for 3 minutes, changing Severity Level from
895.0 Mbps, 86.0 Kpps Misuse Types: medium to high (expected rate: 10.00 Kpps, observed
IP Fragmentation, UDP rate: 47.38 Kpps) (boundary: managed object) (by auto-
annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
High Outgoing Host Alert from 190.113.215.99
configured for "Tata" has been exceeded for 3 minutes,
195824 482.0% of 10 Kpps using Tata Jul 19 22:13 - 22:22 (0:09)
changing Severity Level from medium to high (expected
837.6 Mbps, 80.3 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 43.65 Kpps) (by auto-
IP Fragmentation, UDP
annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 5.81.80.140 The "IP Fragmentation" host alert signature has been
195823 31.0% of 10 Kpps using Teliasonera Jul 19 22:10 - 22:16 (0:06) triggered at router "rMPLSPolo1BR02". (expected rate:
30.6 Mbps, 3.1 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.12 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 176.160.42.152 The "IP Fragmentation" host alert signature has been
195822 37.0% of 10 Kpps using Teliasonera Jul 19 22:09 - 22:20 (0:11) triggered at router "rMPLSPolo1BR02". (expected rate:
37.0 Mbps, 3.7 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.02 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 8.8.8.8
The "ICMP" host alert signature has been triggered at
195821 43.0% of 30 Kpps using Google Jul 19 22:02 - Ongoing (1:59)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
8.6 Mbps, 12.9 Kpps Misuse Types:
observed rate: 2.52 Kpps) (by auto-annotation)
ICMP, DNS
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195820 43.0% of 10 Kpps using Teliasonera Jul 19 21:58 - 22:03 (0:05)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
1.3 Mbps, 2.7 Kpps Misuse Types:
observed rate: 2.72 Kpps) (by auto-annotation)
TCP RST
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 179.58.73.238
configured for "Nuevatel_IPv4" has been exceeded,
195819 117.0% of 10 Kpps using Nuevatel_IPv4 Jul 19 21:56 - 22:01 (0:05)
changing Severity Level from low to medium (expected
117.9 Mbps, 11.7 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 11.73 Kpps) (by auto-
IP Fragmentation
annotation)
DoS Host Alert Possible Attack
Low Incoming Host Alert to 190.107.60.33 The "IP Fragmentation" host alert signature has been
195818 47.0% of 10 Kpps using Nuevatel_IPv4 Jul 19 21:56 - 22:02 (0:06) triggered at router "rMPLSVillaSalvadorBR01". (expected
26.8 Mbps, 3.0 Kpps Misuse Types: rate: 2.50 Kpps, observed rate: 2.97 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 190.107.60.33 The "IP Fragmentation" host alert signature has been
195817 29.0% of 10 Kpps using Gtt Jul 19 21:56 - 22:02 (0:06) triggered at router "rMPLSPolo1BR02". (expected rate:
25.8 Mbps, 2.9 Kpps Misuse Types: 2.50 Kpps, observed rate: 2.87 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 176.160.42.152 The "IP Fragmentation" host alert signature has been
195816 40.0% of 10 Kpps using Teliasonera Jul 19 21:56 - 22:07 (0:11) triggered at router "rMPLSPolo1BR02". (expected rate:
39.4 Mbps, 4.0 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.02 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195815 34.0% of 10 Kpps using Teliasonera Jul 19 21:51 - 21:56 (0:05)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
1.2 Mbps, 2.5 Kpps Misuse Types:
observed rate: 2.52 Kpps) (by auto-annotation)
TCP RST
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195814 43.0% of 10 Kpps using Teliasonera Jul 19 21:45 - 21:50 (0:05)
router "rMPLSVillaSalvadorBR01". (expected rate: 2.50
1.5 Mbps, 2.5 Kpps Misuse Types:
Kpps, observed rate: 2.52 Kpps) (by auto-annotation)
TCP SYN
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 176.160.42.152 The "IP Fragmentation" host alert signature has been
195813 44.0% of 10 Kpps using Teliasonera Jul 19 21:43 - 21:53 (0:10) triggered at router "rMPLSPolo1BR02". (expected rate:
45.1 Mbps, 4.4 Kpps Misuse Types: 2.50 Kpps, observed rate: 4.43 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 8.8.8.8
The "DNS" host alert signature has been triggered at
195812 35.0% of 30 Kpps using Google Jul 19 21:42 - 21:55 (0:13)
router "rMPLSPolo1BR02". (expected rate: 10.00 Kpps,
7.1 Mbps, 10.5 Kpps Misuse Types:
observed rate: 10.24 Kpps) (by auto-annotation)
ICMP, DNS
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
High Incoming Host Alert to 179.6.213.175
configured for "HFC CGN Polo1 - Huawei" has been
195811 541.0% of 10 Kpps using HFC CGN Polo1 - Huawei Jul 19 21:31 - 21:39 (0:08)
exceeded for 3 minutes, changing Severity Level from
911.4 Mbps, 89.6 Kpps Misuse Types:
medium to high (expected rate: 10.00 Kpps, observed
IP Fragmentation, UDP, DNS Amplification
rate: 44.16 Kpps) (by auto-annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 179.6.204.146
configured for "HFC CGN VES - Huawei" has been
195810 394.0% of 10 Kpps using HFC CGN VES - Huawei Jul 19 21:29 - 21:34 (0:05)
exceeded, changing Severity Level from low to medium
643.1 Mbps, 62.7 Kpps Misuse Types:
(expected rate: 10.00 Kpps, observed rate: 39.36 Kpps)
IP Fragmentation, UDP
(by auto-annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195809 46.0% of 10 Kpps using Teliasonera Jul 19 21:29 - 21:36 (0:07)
router "rMPLSVillaSalvadorBR01". (expected rate: 2.50
2.7 Mbps, 4.6 Kpps Misuse Types:
Kpps, observed rate: 2.67 Kpps) (by auto-annotation)
TCP SYN, TCP RST

page 2 of 6
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 86.3.138.23 The "IP Fragmentation" host alert signature has been
195808 33.0% of 10 Kpps using Teliasonera Jul 19 21:25 - 21:32 (0:07) triggered at router "rMPLSPolo1BR02". (expected rate:
33.1 Mbps, 3.3 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.27 Kpps) (by auto-
IP Fragmentation annotation)
Interface Usage
High usage for:
195807 Medium Interface: Eth-Trunk23 Jul 19 21:15 - Ongoing (2:46) None
Router: rMPLSPolo1BR02
44.85 Gbps (112.1% of 40.00 Gbps)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 8.8.8.8
The "ICMP" host alert signature has been triggered at
195806 39.0% of 30 Kpps using Google Jul 19 21:12 - 21:38 (0:26)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
7.7 Mbps, 11.6 Kpps Misuse Types:
observed rate: 2.77 Kpps) (by auto-annotation)
ICMP, DNS
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 8.8.8.8
The "DNS" host alert signature has been triggered at
195805 35.0% of 30 Kpps using Google Jul 19 21:00 - 21:09 (0:09)
router "rMPLSPolo1BR02". (expected rate: 10.00 Kpps,
7.1 Mbps, 10.6 Kpps Misuse Types:
observed rate: 10.18 Kpps) (by auto-annotation)
ICMP, DNS
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 103.95.221.8 The "IP Fragmentation" host alert signature has been
195804 33.0% of 10 Kpps using Teliasonera Jul 19 20:59 - 21:04 (0:05) triggered at router "rMPLSPolo1BR02". (expected rate:
33.7 Mbps, 3.3 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.33 Kpps) (by auto-
IP Fragmentation annotation)

BGP Instability
Too many BGP updates (max. per 5 min.): Jul 19 20:55 - 20:55 (Less than 1
195803 Medium None
Router:rMPLSPolo1BR02 minute)
Updates:5518

BGP Instability
Too many BGP updates (max. per 5 min.): Jul 19 20:55 - 20:55 (Less than 1
195802 Medium None
Router:rMPLSVillaSalvadorBR01 minute)
Updates:5172

DoS Host Alert Possible Attack


Low Outgoing Host Alert from 185.44.76.150 The "IP Fragmentation" host alert signature has been
195801 45.0% of 10 Kpps using Teliasonera Jul 19 20:54 - 21:02 (0:08) triggered at router "rMPLSPolo1BR02". (expected rate:
46.7 Mbps, 4.5 Kpps Misuse Types: 2.50 Kpps, observed rate: 4.53 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 8.8.8.8
The "DNS" host alert signature has been triggered at
195800 35.0% of 30 Kpps using Google Jul 19 20:49 - 20:58 (0:09)
router "rMPLSPolo1BR02". (expected rate: 10.00 Kpps,
6.9 Mbps, 10.4 Kpps Misuse Types:
observed rate: 10.08 Kpps) (by auto-annotation)
ICMP, DNS
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.23.214.74 The "IP Fragmentation" host alert signature has been
195799 39.0% of 10 Kpps using Teliasonera Jul 19 20:48 - 20:54 (0:06) triggered at router "rMPLSPolo1BR02". (expected rate:
39.2 Mbps, 3.9 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.73 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195798 41.0% of 10 Kpps using Teliasonera Jul 19 20:43 - 20:48 (0:05)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
1.6 Mbps, 2.6 Kpps Misuse Types:
observed rate: 2.62 Kpps) (by auto-annotation)
TCP SYN
Interface Usage
High usage for:
195797 Medium Interface: Eth-Trunk23 Jul 19 20:40 - 20:45 (0:05) None
Router: rMPLSPolo1BR02
38.40 Gbps (96.0% of 40.00 Gbps)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.63.252.93 The "IP Fragmentation" host alert signature has been
195796 77.0% of 10 Kpps using Teliasonera Jul 19 20:37 - 20:50 (0:13) triggered at router "rMPLSPolo1BR02". (expected rate:
77.8 Mbps, 7.7 Kpps Misuse Types: 2.50 Kpps, observed rate: 7.25 Kpps) (by auto-
IP Fragmentation annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 190.113.208.148
configured for "MOVIL_CGN_Polo1" has been exceeded,
195795 363.0% of 10 Kpps using MOVIL_CGN_Polo1 Jul 19 20:33 - 20:38 (0:05)
changing Severity Level from low to medium (expected
649.8 Mbps, 62.3 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 36.25 Kpps) (by auto-
IP Fragmentation, UDP, DNS Amplification
annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 45.7.37.1
The "UDP" host alert signature has been triggered at
195794 73.0% of 100 Kpps using Global Detection Jul 19 20:22 - Ongoing (3:39)
router "rMPLSPolo1BR02". (expected rate: 50.00 Kpps,
108.8 Mbps, 73.4 Kpps Misuse Types:
observed rate: 53.07 Kpps) (by auto-annotation)
UDP
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 8.8.8.8
The "DNS" host alert signature has been triggered at
195793 35.0% of 30 Kpps using Google Jul 19 20:14 - 20:23 (0:09)
router "rMPLSPolo1BR02". (expected rate: 10.00 Kpps,
6.9 Mbps, 10.5 Kpps Misuse Types:
observed rate: 10.32 Kpps) (by auto-annotation)
ICMP, DNS
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195792 51.0% of 10 Kpps using Teliasonera Jul 19 20:01 - 20:13 (0:12)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
2.4 Mbps, 5.1 Kpps Misuse Types:
observed rate: 2.52 Kpps) (by auto-annotation)
TCP SYN, TCP RST
Possible Attack
DoS Host Alert
This alert was generated due to fast flood detection. The
High  Fast Flood Outgoing Host Alert from 200.108.110.126
"TCP ACK" host alert signature has been triggered at
195791 230.0% of 80 Mbps using Firewall_CLARO Jul 19 19:58 - 20:08 (0:10)
router "rMPLSPolo1BR02". (expected rate: 50.00 Mbps/
183.9 Mbps, 16.7 Kpps Misuse Types:
15.00 Kpps, observed rate: 86.99 Mbps/8.30 Kpps) (by
TCP ACK
auto-annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 31.42.184.142 The "IP Fragmentation" host alert signature has been
195790 45.0% of 10 Kpps using Teliasonera Jul 19 19:56 - 20:17 (0:21) triggered at router "rMPLSPolo1BR02". (expected rate:
47.4 Mbps, 4.5 Kpps Misuse Types: 2.50 Kpps, observed rate: 2.77 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.23.214.74 The "IP Fragmentation" host alert signature has been
195789 32.0% of 10 Kpps using Teliasonera Jul 19 19:56 - 20:08 (0:12) triggered at router "rMPLSPolo1BR02". (expected rate:
30.5 Mbps, 3.2 Kpps Misuse Types: 2.50 Kpps, observed rate: 2.52 Kpps) (by auto-
IP Fragmentation annotation)

page 3 of 6
DoS Host Alert Possible Attack
Low Incoming Host Alert to 179.6.197.10 The "IP Fragmentation" host alert signature has been
195788 80.0% of 10 Kpps using HFC CGN VES - Huawei Jul 19 19:32 - 19:37 (0:05) triggered at router "rMPLSVillaSalvadorBR01". (expected
76.9 Mbps, 8.0 Kpps Misuse Types: rate: 2.50 Kpps, observed rate: 7.95 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195787 54.0% of 10 Kpps using Teliasonera Jul 19 19:29 - 19:57 (0:28)
router "rMPLSVillaSalvadorBR01". (expected rate: 2.50
3.2 Mbps, 5.4 Kpps Misuse Types:
Kpps, observed rate: 2.62 Kpps) (by auto-annotation)
TCP SYN, TCP RST
Possible Attack
DoS Host Alert
The "TCP SYN" host alert signature severity rate
Medium Outgoing Host Alert from 43.227.216.14
configured for "Teliasonera" has been exceeded,
195786 101.0% of 10 Kpps using Teliasonera Jul 19 19:20 - 19:25 (0:05)
changing Severity Level from low to medium (expected
4.8 Mbps, 10.1 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 10.07 Kpps) (by auto-
TCP SYN
annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195785 47.0% of 10 Kpps using Teliasonera Jul 19 19:17 - 19:26 (0:09)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
1.9 Mbps, 4.1 Kpps Misuse Types:
observed rate: 2.62 Kpps) (by auto-annotation)
TCP RST
DoS Host Alert Possible Attack
High Incoming Host Alert to 179.6.215.115 The "NTP Amplification" host alert signature has been
195784 178.0% of 100 Kpps using HFC CGN Polo1 - Huawei Jul 19 19:15 - 19:32 (0:17) triggered at router "rMPLSPolo1BR02". (expected rate:
664.3 Mbps, 177.6 Kpps Misuse Types: 200.00 Mbps/100.00 Kpps, observed rate: 295.24 Mbps/
IP Fragmentation, UDP, NTP Amplification 78.81 Kpps) (by auto-annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195783 45.0% of 10 Kpps using Teliasonera Jul 19 19:09 - 19:15 (0:06)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
1.2 Mbps, 2.7 Kpps Misuse Types:
observed rate: 2.52 Kpps) (by auto-annotation)
TCP RST
Possible Attack
DoS Host Alert The "IP Fragmentation" host alert signature severity rate
High Incoming Host Alert to 179.6.197.10 configured for "HFC CGN VES - Huawei" has been
195782 455.0% of 10 Kpps using HFC CGN VES - Huawei Jul 19 19:09 - 19:18 (0:09) exceeded for 3 minutes, changing Severity Level from
776.0 Mbps, 73.4 Kpps Misuse Types: medium to high (expected rate: 10.00 Kpps, observed
IP Fragmentation, UDP, DNS Amplification rate: 45.48 Kpps) (boundary: managed object) (by auto-
annotation)
Possible Attack
DoS Host Alert
This alert was generated due to fast flood detection. The
High  Fast Flood Outgoing Host Alert from 200.108.110.126
"TCP ACK" host alert signature has been triggered at
195781 197.0% of 80 Mbps using Firewall_CLARO Jul 19 18:59 - 19:06 (0:07)
router "rMPLSPolo1BR02". (expected rate: 50.00 Mbps/
157.5 Mbps, 14.4 Kpps Misuse Types:
15.00 Kpps, observed rate: 80.19 Mbps/7.55 Kpps) (by
TCP ACK
auto-annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.44.76.150 The "IP Fragmentation" host alert signature has been
195780 89.0% of 10 Kpps using Teliasonera Jul 19 18:53 - 19:02 (0:09) triggered at router "rMPLSPolo1BR02". (expected rate:
89.0 Mbps, 8.9 Kpps Misuse Types: 2.50 Kpps, observed rate: 5.44 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195779 44.0% of 10 Kpps using Teliasonera Jul 19 18:51 - 18:57 (0:06)
router "rMPLSVillaSalvadorBR01". (expected rate: 2.50
1.5 Mbps, 2.9 Kpps Misuse Types:
Kpps, observed rate: 2.62 Kpps) (by auto-annotation)
TCP SYN, TCP RST
DoS Host Alert Possible Attack
Low Incoming Host Alert to 181.177.190.215 The "IP Fragmentation" host alert signature has been
195778 34.0% of 10 Kpps using Nuevatel_IPv4 Jul 19 18:48 - 18:53 (0:05) triggered at router "rMPLSVillaSalvadorBR01". (expected
1.6 Mbps, 3.4 Kpps Misuse Types: rate: 2.50 Kpps, observed rate: 3.37 Kpps) (by auto-
IP Fragmentation annotation)
Possible Attack
DoS Host Alert The "IP Fragmentation" host alert signature severity rate
High Incoming Host Alert to 179.6.197.10 configured for "HFC CGN VES - Huawei" has been
195777 661.0% of 10 Kpps using HFC CGN VES - Huawei Jul 19 18:46 - 19:07 (0:21) exceeded for 3 minutes, changing Severity Level from
1.1 Gbps, 106.9 Kpps Misuse Types: medium to high (expected rate: 10.00 Kpps, observed
IP Fragmentation, UDP, DNS Amplification rate: 49.87 Kpps) (boundary: managed object) (by auto-
annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 128.116.112.44
The "TCP RST" host alert signature has been triggered at
195776 63.0% of 10 Kpps using Teliasonera Jul 19 18:40 - Ongoing (5:21)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
3.7 Mbps, 6.3 Kpps Misuse Types:
observed rate: 2.52 Kpps) (by auto-annotation)
TCP SYN, TCP RST
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.44.76.150 The "IP Fragmentation" host alert signature has been
195775 60.0% of 10 Kpps using Teliasonera Jul 19 18:38 - 18:46 (0:08) triggered at router "rMPLSPolo1BR02". (expected rate:
62.5 Mbps, 6.0 Kpps Misuse Types: 2.50 Kpps, observed rate: 5.94 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195774 54.0% of 10 Kpps using Teliasonera Jul 19 18:38 - 18:49 (0:11)
router "rMPLSVillaSalvadorBR01". (expected rate: 2.50
3.2 Mbps, 5.4 Kpps Misuse Types:
Kpps, observed rate: 2.72 Kpps) (by auto-annotation)
TCP SYN, TCP RST
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
High Incoming Host Alert to 179.7.192.204
configured for "HFC_CGN_Trujillo" has been exceeded
195773 494.0% of 10 Kpps using HFC_CGN_Trujillo Jul 19 18:32 - 18:41 (0:09)
for 3 minutes, changing Severity Level from medium to
854.7 Mbps, 81.5 Kpps Misuse Types:
high (expected rate: 10.00 Kpps, observed rate: 49.37
IP Fragmentation, UDP, DNS Amplification
Kpps) (by auto-annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 120.27.11.62 The "IP Fragmentation" host alert signature has been
195772 28.0% of 10 Kpps using Teliasonera Jul 19 18:23 - 18:28 (0:05) triggered at router "rMPLSPolo1BR02". (expected rate:
33.3 Mbps, 2.8 Kpps Misuse Types: 2.50 Kpps, observed rate: 2.82 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.44.76.150 The "IP Fragmentation" host alert signature has been
195771 61.0% of 10 Kpps using Teliasonera Jul 19 18:18 - 18:27 (0:09) triggered at router "rMPLSPolo1BR02". (expected rate:
61.4 Mbps, 6.1 Kpps Misuse Types: 2.50 Kpps, observed rate: 5.09 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195770 45.0% of 10 Kpps using Teliasonera Jul 19 18:12 - 18:20 (0:08)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
2.2 Mbps, 3.8 Kpps Misuse Types:
observed rate: 2.67 Kpps) (by auto-annotation)
TCP SYN, TCP RST

page 4 of 6
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 179.6.207.211
configured for "HFC CGN VES - Huawei" has been
195769 433.0% of 10 Kpps using HFC CGN VES - Huawei Jul 19 18:05 - 18:11 (0:06)
exceeded, changing Severity Level from low to medium
748.4 Mbps, 71.9 Kpps Misuse Types:
(expected rate: 10.00 Kpps, observed rate: 43.28 Kpps)
IP Fragmentation, UDP, DNS Amplification
(by auto-annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 31.42.184.142 The "IP Fragmentation" host alert signature has been
195768 46.0% of 10 Kpps using Teliasonera Jul 19 18:03 - 18:31 (0:28) triggered at router "rMPLSPolo1BR02". (expected rate:
47.3 Mbps, 4.6 Kpps Misuse Types: 2.50 Kpps, observed rate: 2.87 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.23.214.74 The "IP Fragmentation" host alert signature has been
195767 61.0% of 10 Kpps using Teliasonera Jul 19 17:54 - 18:33 (0:39) triggered at router "rMPLSPolo1BR02". (expected rate:
60.5 Mbps, 6.1 Kpps Misuse Types: 2.50 Kpps, observed rate: 6.14 Kpps) (by auto-
IP Fragmentation annotation)
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 179.7.193.207
configured for "HFC_CGN_Trujillo" has been exceeded,
195766 374.0% of 10 Kpps using HFC_CGN_Trujillo Jul 19 17:53 - 17:59 (0:06)
changing Severity Level from low to medium (expected
660.4 Mbps, 65.3 Kpps Misuse Types:
rate: 10.00 Kpps, observed rate: 37.44 Kpps) (by auto-
IP Fragmentation, UDP, CLDAP Amplification
annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 128.116.112.44
The "TCP SYN" host alert signature has been triggered at
195765 49.0% of 10 Kpps using Teliasonera Jul 19 17:40 - 18:35 (0:55)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
3.0 Mbps, 4.9 Kpps Misuse Types:
observed rate: 2.77 Kpps) (by auto-annotation)
TCP SYN, TCP RST
DoS Host Alert
Possible Attack
Low Incoming Host Alert to 179.6.34.199
The "UDP" host alert signature has been triggered at
195764 54.0% of 100 Kpps using HFC_CGN_CUZCO_1 Jul 19 17:37 - 17:42 (0:05)
router "rMPLSPolo1BR02". (expected rate: 50.00 Kpps,
522.4 Mbps, 54.4 Kpps Misuse Types:
observed rate: 54.42 Kpps) (by auto-annotation)
UDP
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 128.116.112.44
The "TCP SYN" host alert signature has been triggered at
195763 35.0% of 10 Kpps using Teliasonera Jul 19 17:27 - 17:35 (0:08)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
1.9 Mbps, 3.5 Kpps Misuse Types:
observed rate: 2.77 Kpps) (by auto-annotation)
TCP SYN
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 163.172.6.135 The "IP Fragmentation" host alert signature has been
195762 38.0% of 10 Kpps using Level3 Jul 19 17:27 - 17:34 (0:07) triggered at router "rMPLSPolo1BR02". (expected rate:
38.3 Mbps, 3.8 Kpps Misuse Types: 2.50 Kpps, observed rate: 2.62 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195761 50.0% of 10 Kpps using Teliasonera Jul 19 17:05 - 17:29 (0:24)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
3.0 Mbps, 5.0 Kpps Misuse Types:
observed rate: 2.52 Kpps) (by auto-annotation)
TCP SYN, TCP RST
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP SYN" host alert signature has been triggered at
195760 48.0% of 10 Kpps using Teliasonera Jul 19 16:56 - 17:03 (0:07)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
2.6 Mbps, 4.3 Kpps Misuse Types:
observed rate: 2.72 Kpps) (by auto-annotation)
TCP SYN, TCP RST
DoS Host Alert
Possible Attack
Low Incoming Host Alert to 190.117.164.165
The "UDP" host alert signature has been triggered at
195759 72.0% of 100 Kpps using HFC Pyme - IPv4 Jul 19 16:55 - 17:00 (0:05)
router "rMPLSVillaSalvadorBR01". (expected rate: 50.00
844.6 Mbps, 71.7 Kpps Misuse Types:
Kpps, observed rate: 71.67 Kpps) (by auto-annotation)
UDP
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 38.143.11.180 The "IP Fragmentation" host alert signature has been
195758 33.0% of 10 Kpps using Teliasonera Jul 19 16:55 - 17:00 (0:05) triggered at router "rMPLSVillaSalvadorBR01". (expected
33.8 Mbps, 3.3 Kpps Misuse Types: rate: 2.50 Kpps, observed rate: 3.32 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 45.131.184.73
The "TCP SYN" host alert signature has been triggered at
195757 71.0% of 10 Kpps using Teliasonera Jul 19 16:45 - 16:50 (0:05)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
4.2 Mbps, 7.1 Kpps Misuse Types:
observed rate: 7.09 Kpps) (by auto-annotation)
TCP SYN
Possible Attack
DoS Host Alert
The "IP Fragmentation" host alert signature severity rate
Medium Incoming Host Alert to 179.6.204.52
configured for "HFC CGN VES - Huawei" has been
195756 149.0% of 10 Kpps using HFC CGN VES - Huawei Jul 19 16:33 - 16:38 (0:05)
exceeded, changing Severity Level from low to medium
7.1 Mbps, 14.9 Kpps Misuse Types:
(expected rate: 10.00 Kpps, observed rate: 14.89 Kpps)
IP Fragmentation
(by auto-annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 151.101.6.2
The "TCP RST" host alert signature has been triggered at
195755 45.0% of 10 Kpps using Teliasonera Jul 19 16:26 - 16:37 (0:11)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
2.1 Mbps, 4.4 Kpps Misuse Types:
observed rate: 2.67 Kpps) (by auto-annotation)
TCP RST
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 173.72.197.187 The "IP Fragmentation" host alert signature has been
195754 63.0% of 10 Kpps using Teliasonera Jul 19 16:18 - 16:25 (0:07) triggered at router "rMPLSPolo1BR02". (expected rate:
62.6 Mbps, 6.3 Kpps Misuse Types: 2.50 Kpps, observed rate: 4.47 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Incoming Host Alert to 2800:200:f100:25a1:618f:f020:60c3:350f
The "UDP" host alert signature has been triggered at
195753 68.0% of 100 Kpps using HFC Prov Norte IPv6 Jul 19 16:14 - 16:19 (0:05)
router "rMPLSPolo1BR02". (expected rate: 50.00 Kpps,
759.4 Mbps, 68.2 Kpps Misuse Types:
observed rate: 68.19 Kpps) (by auto-annotation)
UDP
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.44.76.150 The "IP Fragmentation" host alert signature has been
195752 41.0% of 10 Kpps using Teliasonera Jul 19 16:13 - 16:23 (0:10) triggered at router "rMPLSPolo1BR02". (expected rate:
42.4 Mbps, 4.1 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.42 Kpps) (by auto-
IP Fragmentation annotation)
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 58.82.247.72
The "TCP SYN" host alert signature has been triggered at
195751 66.0% of 10 Kpps using Ntt Jul 19 16:13 - 16:21 (0:08)
router "rMPLSVillaSalvadorBR01". (expected rate: 2.50
3.2 Mbps, 6.6 Kpps Misuse Types:
Kpps, observed rate: 6.34 Kpps) (by auto-annotation)
TCP SYN
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 58.82.247.72
The "TCP SYN" host alert signature has been triggered at
195750 67.0% of 10 Kpps using Gtt Jul 19 16:12 - 16:20 (0:08)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
3.2 Mbps, 6.7 Kpps Misuse Types:
observed rate: 6.74 Kpps) (by auto-annotation)
TCP SYN

page 5 of 6
DoS Host Alert
Possible Attack
Low Outgoing Host Alert from 218.93.206.190
The "TCP SYN" host alert signature has been triggered at
195749 47.0% of 10 Kpps using Teliasonera Jul 19 15:39 - 15:44 (0:05)
router "rMPLSPolo1BR02". (expected rate: 2.50 Kpps,
2.9 Mbps, 4.7 Kpps Misuse Types:
observed rate: 4.70 Kpps) (by auto-annotation)
TCP SYN
DoS Host Alert Possible Attack
Low Outgoing Host Alert from 185.44.76.150 The "IP Fragmentation" host alert signature has been
195748 58.0% of 10 Kpps using Teliasonera Jul 19 15:27 - 15:52 (0:25) triggered at router "rMPLSPolo1BR02". (expected rate:
58.2 Mbps, 5.8 Kpps Misuse Types: 2.50 Kpps, observed rate: 3.33 Kpps) (by auto-
IP Fragmentation annotation)
Possible Attack
DoS Host Alert
The "UDP" host alert signature severity rate configured
Medium Incoming Host Alert to 179.7.136.62
for "MOVIL_CGN_Trujillo" has been exceeded, changing
195747 104.0% of 100 Kpps using MOVIL_CGN_Trujillo Jul 19 15:25 - 15:34 (0:09)
Severity Level from low to medium (expected rate:
66.7 Mbps, 104.1 Kpps Misuse Types:
100.00 Kpps, observed rate: 104.07 Kpps) (by auto-
UDP
annotation)

For assistance with this product, please contact support at https://support.arbornetworks.com

page 6 of 6

You might also like