As I have been asked off-line quite a few times: we wrote it to complement NFSEN. You can only search NFSEN once the data has been fully analysed. It means that most of the time you have to wait a few minutes.

We were seeing 15-minute DDOS, at least twice a day. By the time we had identified the DDOS pattern, it was off. This is what prompted the creation of ExaDDOS. Just to be able to see what was happening in that time and react faster.

Thomas

On 12 Feb 2014, at 16:57, Thomas Mangin <[email protected]> wrote:

> Hello,
>
> Because:
> - Exa has been under attack way too much these last weeks
> - We hate to have to deal with it
>
> Because:
> - Andrisoft seems cool but does not do FlowSpec
> - Arbor is known for its price (and features)
> - I am from Yorkshire (How much do you pay me to find bugs in your shiny
>   application?)
>
> Because:
> - We can ...
> - And people cannot be bothered to fix the problem at source!
>
> I have been working on making our internal tool (Thank you Daniel)
> something which can be built on and released to the community.
> The repository is here: https://github.com/Exa-Networks/exaddos
>
> The code is not even one week old but it can:
> - use SNMP to monitor your EBGP interfaces
> - parse IPFIX to find your top speakers
> - provide you the data in a HORRIBLE web page (but all the rendering is
>   client side, so feel free to fix that!)
>
> Now I would love some help ... I am NOT a web designer who finds Javascript
> easy (I can handle jquery and basic stuff but nice CSS is not my cup of tea),
> so it will not look nice unless someone else makes it so.
>
> I can provide the underlying data via JSON in whatever way one may need to
> allow:
> - graphing of links
> - allow to drill down on top speakers to find proto / ports information
> - "one click" get rid of that DDOS for <IP> <proto>
>
> I did some of this stuff with ExaProxy so I am not totally useless but god
> knows it is not my strength!
>
> So any help would be welcome, so I can go back to coding on BGP and not DDOS.
>
> Thomas
>
> PS: I created a G+ community ExaDDOS .. I will try to add a mailing list
> later on.
