Interesting project, Pavel. I'll most certainly give this a trial run.

On Tue, Jun 2, 2015 at 10:16 PM, Pavel Odintsov <pavel.odint...@gmail.com> wrote:
> Hello, Nanog!
>
> I'm very pleased to present my open source DoS/DDoS attack monitoring
> toolkit here!
>
> We have spent about 10 months on the development of FastNetMon and can
> present a huge feature list now! :)
>
> Stop! What is FastNetMon?
>
> It's a really very fast toolkit which can find an attacked host in your
> network and block it (or redirect it to a filtering appliance)
>
> This solution could save your network and your sleep :)
>
> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>
> We support the following engines for traffic capture:
> - Netflow (v5, v9 and IPFIX)
> - sFLOW v5
> - port mirror/SPAN (PF_RING and netmap supported)
>
> Also we have deep integration with ExaBGP (huge thanks to Thomas
> Mangin) for triggering blackhole on the Core Router or upstream.
>
> Since version 1.0 we have added support for the following features:
> - Ability to detect most popular attack types: syn_flood, icmp_flood,
>   udp_flood, ip_fragmentation_flood
> - Add support for Netmap for Linux (we have prepared special driver
>   for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
>   and FreeBSD.
> - Add support for PF_RING ZC (very fast but needs a license from ntop folks)
> - Add ability to collect netflow v9/IPFIX data from multiple devices
>   with different templates set
> - Basic support for IPv6 (we could receive netflow data over IPv6)
> - Add plugin support for capture engines
> - Add support of L2TP decapsulation (important for DDoS attack
>   detection inside tunnel)
> - Add ability to store attack details in Redis
> - Add Graphite/Grafana integration for traffic visualization
> - Add systemd unit file
> - Add ability to unblock host after some timeout
> - Introduce support of moving average for all counters
> - Add ExaBGP integration. We could announce attacked host with BGP to
>   border router or uplink
> - Add so many details in attack report
> - Add ability to store attack fingerprint in file
>
> We have complete support for the following platforms:
> - Fedora 21
> - Debian 6, 7, 8
> - CentOS 6, 7
> - FreeBSD 9, 10, 11
> - DragonflyBSD 4
> - MacOS X 10.10
>
> From the network equipment side we have tested the solution with:
> - Cisco ASR
> - Juniper MX
> - Extreme Summit
> - ipt_NETFLOW Linux
>
> We have binary packages for these operating systems:
> - CentOS 6:
>   https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
> - CentOS 7:
>   https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
> - Fedora 21:
>   https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
> - FreeBSD:
>   https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>
> For any other operating systems we recommend the automatic installer
> script:
> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>
> Please join our mailing list or ask about anything here
> https://groups.google.com/forum/#!forum/fastnetmon
>
> Thank you for your attention!
>
> --
> Sincerely yours, Pavel Odintsov
>

--
Met vriendelijke groeten / With kind regards,
Johan Kooijman