Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-12 Thread Pavel Odintsov
Hello, Nanog!

I have a speech at ENOG 9 and would like to share my slides there:
http://www.enog.org/presentations/enog-9/17-FastNetMon_ENOG_pdf.pdf

Thank you for your attention!

On Thursday, June 4, 2015, Rafael Possamai raf...@gav.ufsc.br wrote:

 You could look into LXD for that type of deployment.


-- 
Sincerely yours, Pavel Odintsov


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-05 Thread Pavel Odintsov
Hello, folks!

Due to huge interest in VMs I have prepared a VyOS-based ISO image
with FastNetMon:
https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/VYOS_BINARY_ISO_IMAGE.md

You could run it with any virtual machine and just aim your
sflow/netflow targets to it! :)

On Thu, Jun 4, 2015 at 9:26 PM, Rafael Possamai raf...@gav.ufsc.br wrote:
 You could look into LXD for that type of deployment.


-- 
Sincerely yours, Pavel Odintsov


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Alexander Maassen
It's a security tool. So ppl using it want to publicly hide the fact they use 
it in case you screw up and it contains leaks ;)

 Original message 
From: Pavel Odintsov pavel.odint...@gmail.com
Date:
To: Jim Popovitch jim...@gmail.com
Cc: nanog@nanog.org
Subject: Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

Looks like many folks want to hide company emails ;) I'm a good guy and will not
spam or offer something ;)))

But I'm impressed by the amount of off-list requests. Really huge interest
in the tool.

-- 
Sincerely yours, Pavel Odintsov


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Pavel Odintsov
Brilliant idea! But in Docker we could offer only sflow and sflow. Port
mirror capture needs support from the kernel side. Will try shortly!

On Thursday, June 4, 2015, Roberto Bertó roberto.be...@gmail.com wrote:

 What about we build a Docker?



-- 
Sincerely yours, Pavel Odintsov


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Pavel Odintsov
Looks like many folks want to hide company emails ;) I'm a good guy and will not
spam or offer something ;)))

But I'm impressed by the amount of off-list requests. Really huge interest
in the tool.

On Thursday, June 4, 2015, Jim Popovitch jim...@gmail.com wrote:

 There's a surprising amount of GMail (yes, including me) and new-ness
 in this thread. Should I be impressed with the freshness or
 concerned about astroturfing?   :-)

 Bah Humbug!

 -Jim P.



-- 
Sincerely yours, Pavel Odintsov


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Roberto Bertó
What about we build a Docker?

2015-06-04 14:47 GMT-03:00 Alexander Maassen outsi...@scarynet.org:

 It's a security tool. So ppl using it want to publicly hide the fact they
 use it in case you screw up and it contains leaks ;)




Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Rafael Possamai
You could look into LXD for that type of deployment.

On Thu, Jun 4, 2015 at 12:55 PM, Pavel Odintsov pavel.odint...@gmail.com
wrote:

 Brilliant idea! But in Docker we could offer only sflow and sflow. Port
 mirror capture needs support from the kernel side. Will try shortly!




Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Jahangir Hossain
Dear Pavel,

This is definitely an interesting project.
I already tested the previous version but due to some feature limitation I
could not continue, but I think this new version added very important
features. Definitely I will trial the new version soon.




-- 
- Jahangir


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-04 Thread Jim Popovitch
There's a surprising amount of GMail (yes, including me) and new-ness
in this thread. Should I be impressed with the freshness or
concerned about astroturfing?   :-)

Bah Humbug!

-Jim P.


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-03 Thread Budiwijaya
Yep, definitely I'll give this a trial run.
We are developing a nullroute application internally.
I'll try to run this in our lab.



Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-03 Thread Johan Kooijman
Interesting project, Pavel. I'll most certainly give this a trial run.


-- 
Met vriendelijke groeten / With kind regards,
Johan Kooijman


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-03 Thread Pavel Odintsov
Thank you for your interest! Feel free to ask me about anything! Feature
requests are very much appreciated!

On Wed, Jun 3, 2015 at 9:31 AM, Johan Kooijman m...@johankooijman.com wrote:
 Interesting project, Pavel. I'll most certainly give this a trial run.


-- 
Sincerely yours, Pavel Odintsov


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-03 Thread Pavel Odintsov
Hello!

Thank you! Please share your experience after tests!

On Wed, Jun 3, 2015 at 5:50 PM, Budiwijaya bbuuddi...@gmail.com wrote:
 Yep, definitely I'll give this a trial run.
 We are developing a nullroute application internally.
 I'll try to run this in our lab.


-- 
Sincerely yours, Pavel Odintsov


FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

2015-06-02 Thread Pavel Odintsov
Hello, Nanog!

I'm very pleased to present my open source DoS/DDoS attack monitoring
toolkit here!

We have spent about 10 months on development of FastNetMon and could
present a huge feature list now! :)

Stop! What is FastNetMon?

It's a really very fast toolkit which could find an attacked host in your
network and block it (or redirect to a filtering appliance).

This solution could save your network and your sleep :)

Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon

We support the following engines for traffic capture:
- Netflow (v5, v9 and IPFIX)
- sFLOW v5
- port mirror/SPAN (PF_RING and netmap supported)

Also we have deep integration with ExaBGP (huge thanks to Thomas
Mangin) for triggering blackhole on the Core Router or upstream.

Since version 1.0 we have added support for the following features:
- Ability to detect most popular attack types: syn_flood, icmp_flood,
udp_flood, ip_fragmentation_flood
- Add support for Netmap for Linux (we have prepared special driver
for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
and FreeBSD.
- Add support for PF_RING ZC (very fast but needs a license from the ntop folks)
- Add ability to collect netflow v9/IPFIX data from multiple devices
with different templates set
- Basic support for IPv6 (we could receive netflow data over IPv6)
- Add plugin support for capture engines
- Add support of L2TP decapsulation (important for DDoS attack
detection inside tunnel)
- Add ability to store attack details in Redis
- Add Graphite/Grafana integration for traffic visualization
- Add systemd unit file
- Add ability to unblock host after some timeout
- Introduce support of moving average for all counters
- Add ExaBGP integration. We could announce attacked host with BGP to
border router or uplink
- Add many details to the attack report
- Add ability to store attack fingerprint in file

We have complete support for the following platforms:
- Fedora 21
- Debian 6, 7, 8
- CentOS 6, 7
- FreeBSD 9, 10, 11
- DragonflyBSD 4
- MacOS X 10.10

From the network equipment side we have tested the solution with:
- Cisco ASR
- Juniper MX
- Extreme Summit
- ipt_NETFLOW Linux

We have binary packages for these operating systems:
- CentOS 6: 
https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
- CentOS 7: 
https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
- Fedora 21: 
https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
- FreeBSD: 
https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port

For any other operating systems we recommend the automatic installer
script: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md

Please join our mailing list or ask about anything here
https://groups.google.com/forum/#!forum/fastnetmon

Thank you for your attention!

-- 
Sincerely yours, Pavel Odintsov