DDOS, IDS, RTBH, and Rate limiting

Pavel Odintsov pavel.odintsov at gmail.com
Thu Nov 20 21:36:07 UTC 2014

Hello, folks!

I'm the author of fastnetmon, thank you for some PRs for my toolkit :)

I use this tool for similar types of attacks and we analyze all
traffic from uplink ports using port mirroring. You can look at this
network diagram:

I tried to use netflow many years ago but it's not accurate enough,
not fast enough, and produces big overhead on middle class network
routers. That's why I wrote this tool, which analyzes every packet.
It can detect an attack in 2 seconds max and call a BGP blackhole as
quick as a thought.

It can detect three types of attacks:
1) Speed attack for a certain IP (we ban every IP which exceeds 1 Gbps)
2) Packet per second attack for a certain IP (we ban every IP which
exceeds 100 000 pps)
3) And flow flood (a very useful mode in networks with big bandwidth/pps
per client)

FastNetMon can handle 2-3 million packets per second and ~20Gbps on a
standard i7 2600 Linux box with an Intel 82599 NIC.

If you need any help or suggestions you can email me directly or ask via GitHub.

Thank you!

Sincerely yours, Pavel Odintsov
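The per-IP threshold detection described in the post (bandwidth, packets per second, and flow flood over a 2-second window), as an added illustration that is not fastnetmon's own code. The 1 Gbps and 100 000 pps limits are the ones stated above; the flow-flood limit, the sample traffic and all IP addresses are constructed for the example.

```python
from collections import defaultdict

# Thresholds: 1 Gbps and 100 000 pps are from the post; the flow-flood
# limit is an assumed value chosen for this example only.
WINDOW_SECONDS = 2             # the post states detection within 2 seconds max
BPS_LIMIT = 1_000_000_000      # 1 Gbps
PPS_LIMIT = 100_000
FLOWS_LIMIT = 3_500            # assumed, not taken from the post


def detect_attacks(packets, window=WINDOW_SECONDS):
    """Evaluate one detection window of mirrored packets.

    packets: iterable of (src_ip, dst_ip, proto, src_port, dst_port, length)
    Returns {dst_ip: [reasons]} for every destination that tripped a limit.
    Counters are kept per destination (the host being flooded); a production
    tool would keep per-source counters too, for outgoing attacks.
    """
    bytes_per_ip = defaultdict(int)
    pkts_per_ip = defaultdict(int)
    flows_per_ip = defaultdict(set)   # distinct (src, proto, sport, dport)
    for src, dst, proto, sport, dport, length in packets:
        bytes_per_ip[dst] += length
        pkts_per_ip[dst] += 1
        flows_per_ip[dst].add((src, proto, sport, dport))

    flagged = {}
    for ip in bytes_per_ip:
        reasons = []
        if bytes_per_ip[ip] * 8 / window > BPS_LIMIT:
            reasons.append("bandwidth")
        if pkts_per_ip[ip] / window > PPS_LIMIT:
            reasons.append("pps")
        if len(flows_per_ip[ip]) > FLOWS_LIMIT:
            reasons.append("flows")
        if reasons:
            flagged[ip] = reasons
    return flagged


def blackhole_prefixes(flagged):
    """Host routes a controller would hand to the BGP blackhole (RTBH) session."""
    return sorted(f"{ip}/32" for ip in flagged)


def build_sample_window():
    """Constructed traffic: a UDP flood at 203.0.113.10 (documentation range)
    from 200 spoofed sources and 5000 source ports, beside one quiet host."""
    flood = [("198.51.100.%d" % (i % 200), "203.0.113.10", 17,
              40000 + i % 5000, 53, 1400) for i in range(250_000)]
    quiet = [("192.0.2.7", "203.0.113.20", 6, 50123, 443, 1400)] * 2000
    return flood + quiet
```

Over the constructed window the flood host exceeds all three limits (1.4 Gbps, 125 000 pps, 5000 flows) while the quiet host trips none.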
