All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Methods of Detecting DDoS Automatically
randvegeta
Member, Host Rep
Hello all.
I'm wondering about methods of automatic DDoS detection on a simple network.
We have a network that uses VyOS based routers and 99.9% of the time there is no DDoS attack to worry about. Just in case though, we have a network on stand-by that handles very large attacks. During an attack, the network is switched over manually. The commands to push to the routers are exceedingly simple, but I'm wondering if there is an easy method of detecting that the traffic coming in is actually DDoS which in turn would trigger the enabling of the DDoS protected network.
Obviously traffic graphs and NetFlow are helpful, but at the moment the information is deciphered by a human who then takes action manually. It would be nice to have an automatic function for this.
Anyone have any suggestions what the best way to go about this would be?
If and out of the box solution exists, that would be great, otherwise I am open to programming this myself from scratch, or commissioning the work from someone here if they are able to do it faster/cheaper than I or my team.
Comments
Maybe something like FastNetMon? It can call a custom script whenever it detects a DDOS, and looks like it supports VyOS.
Put an IP camera pointed towards the activity lights
Never got such brilliant idea!
Fastnetmon might be the best solution for you - works stable for us on a few traffic analyzation boxes.
@niels and @Kabeldamagement
Looks interesting. Any idea as to pricing info? Cant seem to find info on their site.
Fastnetmon is free & open-sourced, only the "advanced" package is paid:
https://github.com/pavel-odintsov/fastnetmon
Its basically free, see https://github.com/pavel-odintsov/fastnetmon/
Yes, we have two versions. FNM community is absolutely free and open source, you could find it here: https://github.com/pavel-odintsov/fastnetmon
And we have FastNetMon Advanced, it provides number of nice additions to community edition: https://fastnetmon.com/compare-community-and-advanced/
We use subscription model and charge fixed amount per month but we need some additional data to prepare quote for you: https://fastnetmon.com/price-quote-request/
fastnemon is your preferred choice. We suggest that on customers that not want use our paid sensors and are very happy.
You can't go wrong with it
LOL, cool LET troll!
Only problem is that regular traffic will make the lights flicker as well
It'll be quite a bit more flickery, though.
Run a VPS company. You'll get tickets before even your most sensitive monitors detect an issue.
We built a few shell scripts on top of netflow which analyze the traffic every min, detect a ddos and make the routing changes. So within a minute, ddos gets deflected.
Too hard to come up with a system that can detect fast flickering. What if someone started downloading a file? Trigger OVH's super sensitive VAC!
FastNetMon is great. Definitely recommended. We used to use it extensively when our network was much simpler. Can't say a bad word about it
Thanks for feedback!
+1 for FastNetMon, Found it very useful on our network
Seems FastNetMon is the only option then. Thanks everyone. Will give it a try.
there is also https://www.andrisoft.com/software/wanguard which is for example used by leaseweb
Planned for revision 2.0.
We have fixed prices for 10GE/40GE/100GE licenses and we decided to publish them at site: https://fastnetmon.com/price/ So, you do not need to ask quote anymore