Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

FastNetMon - open source DDoS detection new release 1.1.2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

FastNetMon - open source DDoS detection new release 1.1.2

Pavel_OdintsovPavel_Odintsov Member
in Tutorials

Hello, folks!

This article will continue http://www.lowendtalk.com/discussion/43473/open-source-ddos-dos-monitoring-toolkit-fastnetmon

We have spent about 10 months for development of FastNetMon and could present huge feature list now! :)

Stop! What is FastNetMon?

It's really very fast toolkit which could find attacked host in your
network and block it (or redirect to filtering appliance)

This solution could save your network and your sleep :)

Our site located here: https://github.com/FastVPSEestiOu/fastnetmon

We support following engines for traffic capture:

  • Netflow (v5, v9 and IPFIX)
  • sFLOW v5
  • port mirror/SPAN (PF_RING and netmap supported)

Also we have deep integration with ExaBGP (huge thanks to Thomas
Mangin) for triggering blackhole on the Core Router or upstream.

Since 1.0 version we have added support for following features:

  • Ability to detect most popular attack types: syn_flood, icmp_flood,
    udp_flood, ip_fragmentation_flood

  • Add support for Netmap for Linux (we have prepared special driver
    for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
    and FreeBSD.

  • Add support for PF_RING ZC (very fast but need license from ntop folks)

  • Add ability to collect netflow v9/IPFIX data from multiple devices
    with different templates set

  • Basic support for IPv6 (we could receive netflow data over IPv6)

  • Add plugin support for capture engines

  • Add support of L2TP decapsulation (important for DDoS attack
    detection inside tunnel)

  • Add ability to store attack details in Redis

  • Add Graphite/Grafana integration for traffic visualization
  • Add systemd unit file
  • Add ability to unblock host after some timeout
  • Introduce support of moving average for all counters

  • Add ExaBGP integration. We could announce attacked host with BGP to
    border router or uplink

  • Add so much details in attack report

  • Add ability to store attack fingerprint in file

We have complete support for following platforms:

  • Fedora 21
  • Debian 6, 7, 8
  • CentOS 6, 7
  • FreeBSD 9, 10, 11
  • DragonflyBSD 4
  • MacOS X 10.10

From network equipment side we have tested solution with:

  • Cisco ASR
  • Juniper MX
  • Extreme Summit
  • ipt_NETFLOW Linux

We have binary packages for this operation systems:

For any other operation systems we recommend automatic installer
script: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md

Please join to our mail list or ask about anything here
https://groups.google.com/forum/#!forum/fastnetmon

Thank you for your attention!

Sign In or Register to comment.