FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

Pavel Odintsov pavel.odintsov at gmail.com
Wed Jun 3 06:54:06 UTC 2015


Thank you for your interest! Feel free to ask me about anything! Feature
requests are very much appreciated!

On Wed, Jun 3, 2015 at 9:31 AM, Johan Kooijman <mail at johankooijman.com> wrote:
> Interesting project, Pavel. I'll most certainly give this a trial run.
>
> On Tue, Jun 2, 2015 at 10:16 PM, Pavel Odintsov <pavel.odintsov at gmail.com>
> wrote:
>>
>> Hello, Nanog!
>>
>> I'm very pleased to present my open source DoS/DDoS attack monitoring
>> toolkit here!
>>
>> We have spent about 10 months on the development of FastNetMon and can
>> present a huge feature list now! :)
>>
>> Stop! What is FastNetMon?
>>
>> It's a really very fast toolkit which can find an attacked host in your
>> network and block it (or redirect it to a filtering appliance)
>>
>> This solution could save your network and your sleep :)
>>
>> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>>
>> We support the following engines for traffic capture:
>> - Netflow (v5, v9 and IPFIX)
>> - sFLOW v5
>> - port mirror/SPAN (PF_RING and netmap supported)
>>
>> Also we have deep integration with ExaBGP (huge thanks to Thomas
>> Mangin) for triggering a blackhole on the Core Router or upstream.
>>
>> Since version 1.0 we have added support for the following features:
>> - Ability to detect most popular attack types: syn_flood, icmp_flood,
>> udp_flood, ip_fragmentation_flood
>> - Add support for Netmap for Linux (we have prepared special driver
>> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
>> and FreeBSD.
>> - Add support for PF_RING ZC (very fast but needs a license from the ntop folks)
>> - Add ability to collect netflow v9/IPFIX data from multiple devices
>> with different template sets
>> - Basic support for IPv6 (we could receive netflow data over IPv6)
>> - Add plugin support for capture engines
>> - Add support of L2TP decapsulation (important for DDoS attack
>> detection inside tunnel)
>> - Add ability to store attack details in Redis
>> - Add Graphite/Grafana integration for traffic visualization
>> - Add systemd unit file
>> - Add ability to unblock host after some timeout
>> - Introduce support of moving average for all counters
>> - Add ExaBGP integration. We can announce an attacked host with BGP to
>> a border router or uplink
>> - Add a lot of details to the attack report
>> - Add ability to store attack fingerprint in file
>>
>> We have complete support for the following platforms:
>> - Fedora 21
>> - Debian 6, 7, 8
>> - CentOS 6, 7
>> - FreeBSD 9, 10, 11
>> - DragonflyBSD 4
>> - MacOS X 10.10
>>
>> On the network equipment side we have tested the solution with:
>> - Cisco ASR
>> - Juniper MX
>> - Extreme Summit
>> - ipt_NETFLOW Linux
>>
>> We have binary packages for these operating systems:
>> - CentOS 6:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
>> - CentOS 7:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
>> - Fedora 21:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
>> - FreeBSD:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>>
>> For any other operating systems we recommend the automatic installer
>> script:
>> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>>
>> Please join our mailing list or ask about anything here
>> https://groups.google.com/forum/#!forum/fastnetmon
>>
>> Thank you for your attention!
>>
>> --
>> Sincerely yours, Pavel Odintsov
>
>
>
>
> --
> Met vriendelijke groeten / With kind regards,
> Johan Kooijman



-- 
Sincerely yours, Pavel Odintsov


