FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

Johan Kooijman mail at johankooijman.com
Wed Jun 3 06:31:53 UTC 2015


Interesting project, Pavel. I'll most certainly give this a trial run.

On Tue, Jun 2, 2015 at 10:16 PM, Pavel Odintsov <pavel.odintsov at gmail.com>
wrote:

> Hello, Nanog!
>
> I'm very pleased to present my open source DoS/DDoS attack monitoring
> toolkit here!
>
> We have spent about 10 months on the development of FastNetMon and can
> present a huge feature list now! :)
>
> Stop! What is FastNetMon?
>
> It's a really fast toolkit which can find an attacked host in your
> network and block it (or redirect it to a filtering appliance)
>
> This solution could save your network and your sleep :)
>
> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>
> We support the following engines for traffic capture:
> - Netflow (v5, v9 and IPFIX)
> - sFLOW v5
> - port mirror/SPAN (PF_RING and netmap supported)
>
> Also we have deep integration with ExaBGP (huge thanks to Thomas
> Mangin) for triggering blackhole on the Core Router or upstream.
>
> Since version 1.0 we have added support for the following features:
> - Ability to detect most popular attack types: syn_flood, icmp_flood,
> udp_flood, ip_fragmentation_flood
> - Add support for Netmap for Linux (we have prepared special driver
> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
> and FreeBSD.
> - Add support for PF_RING ZC (very fast but needs a license from the ntop folks)
> - Add ability to collect netflow v9/IPFIX data from multiple devices
> with different templates set
> - Basic support for IPv6 (we can receive netflow data over IPv6)
> - Add plugin support for capture engines
> - Add support of L2TP decapsulation (important for DDoS attack
> detection inside tunnel)
> - Add ability to store attack details in Redis
> - Add Graphite/Grafana integration for traffic visualization
> - Add systemd unit file
> - Add ability to unblock host after some timeout
> - Introduce support of moving average for all counters
> - Add ExaBGP integration. We can announce an attacked host with BGP to
> the border router or uplink
> - Add so many details to the attack report
> - Add ability to store attack fingerprint in file
>
> We have complete support for the following platforms:
> - Fedora 21
> - Debian 6, 7, 8
> - CentOS 6, 7
> - FreeBSD 9, 10, 11
> - DragonflyBSD 4
> - MacOS X 10.10
>
> From the network equipment side we have tested the solution with:
> - Cisco ASR
> - Juniper MX
> - Extreme Summit
> - ipt_NETFLOW Linux
>
> We have binary packages for these operating systems:
> - CentOS 6:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
> - CentOS 7:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
> - Fedora 21:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
> - FreeBSD:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>
> For any other operating systems we recommend the automatic installer
> script:
> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>
> Please join our mailing list or ask about anything here
> https://groups.google.com/forum/#!forum/fastnetmon
>
> Thank you for your attention!
>
> --
> Sincerely yours, Pavel Odintsov
>



-- 
Met vriendelijke groeten / With kind regards,
Johan Kooijman


