FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

Pavel Odintsov pavel.odintsov at gmail.com
Wed Jun 3 14:52:25 UTC 2015


Hello!

Thank you! Please share your experience after tests!

On Wed, Jun 3, 2015 at 5:50 PM, Budiwijaya <bbuuddiiww at gmail.com> wrote:
> Yep, definitely I'll give this a trial run.
> We are developing nullroute application internally.
> I'll try to run this in our lab.
>
> On Wed, Jun 3, 2015 at 3:16 AM, Pavel Odintsov <pavel.odintsov at gmail.com> wrote:
>> Hello, Nanog!
>>
>> I'm very pleased to present my open source DoS/DDoS attack monitoring
>> toolkit here!
>>
>> We have spent about 10 months on the development of FastNetMon and can
>> present a huge feature list now! :)
>>
>> Stop! What is FastNetMon?
>>
>> It's a really very fast toolkit which can find an attacked host in your
>> network and block it (or redirect it to a filtering appliance)
>>
>> This solution could save your network and your sleep :)
>>
>> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>>
>> We support the following engines for traffic capture:
>> - Netflow (v5, v9 and IPFIX)
>> - sFLOW v5
>> - port mirror/SPAN (PF_RING and netmap supported)
>>
>> Also we have deep integration with ExaBGP (huge thanks to Thomas
>> Mangin) for triggering blackhole on the Core Router or upstream.
>>
>> Since version 1.0 we have added support for the following features:
>> - Ability to detect the most popular attack types: syn_flood, icmp_flood,
>> udp_flood, ip_fragmentation_flood
>> - Add support for Netmap for Linux (we have prepared a special driver
>> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
>> and FreeBSD.
>> - Add support for PF_RING ZC (very fast but needs a license from ntop folks)
>> - Add ability to collect netflow v9/IPFIX data from multiple devices
>> with different template sets
>> - Basic support for IPv6 (we could receive netflow data over IPv6)
>> - Add plugin support for capture engines
>> - Add support of L2TP decapsulation (important for DDoS attack
>> detection inside tunnel)
>> - Add ability to store attack details in Redis
>> - Add Graphite/Grafana integration for traffic visualization
>> - Add systemd unit file
>> - Add ability to unblock host after some timeout
>> - Introduce support of moving average for all counters
>> - Add ExaBGP integration. We could announce attacked host with BGP to
>> border router or uplink
>> - Add many details to the attack report
>> - Add ability to store attack fingerprint in file
>>
>> We have complete support for the following platforms:
>> - Fedora 21
>> - Debian 6, 7, 8
>> - CentOS 6, 7
>> - FreeBSD 9, 10, 11
>> - DragonflyBSD 4
>> - MacOS X 10.10
>>
>> On the network equipment side we have tested the solution with:
>> - Cisco ASR
>> - Juniper MX
>> - Extreme Summit
>> - ipt_NETFLOW Linux
>>
>> We have binary packages for these operating systems:
>> - CentOS 6: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
>> - CentOS 7: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
>> - Fedora 21: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
>> - FreeBSD: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>>
>> For any other operating systems we recommend the automatic installer
>> script: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>>
>> Please join our mailing list or ask about anything here
>> https://groups.google.com/forum/#!forum/fastnetmon
>>
>> Thank you for your attention!
>>
>> --
>> Sincerely yours, Pavel Odintsov



-- 
Sincerely yours, Pavel Odintsov


