[180439] in North American Network Operators' Group


Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

daemon@ATHENA.MIT.EDU (Pavel Odintsov)
Wed Jun 3 02:56:37 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <CAHvs-HWOVjQ_Q9SRhoKcxhKOrLFtepGf3WonutTHkh5hCFrTFg@mail.gmail.com>
Date: Wed, 3 Jun 2015 09:54:06 +0300
From: Pavel Odintsov <pavel.odintsov@gmail.com>
To: Johan Kooijman <mail@johankooijman.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Thank you for your interest! Feel free to ask me about anything! Feature
requests are very much appreciated!

On Wed, Jun 3, 2015 at 9:31 AM, Johan Kooijman <mail@johankooijman.com> wrote:
> Interesting project, Pavel. I'll most certainly give this a trial run.
>
> On Tue, Jun 2, 2015 at 10:16 PM, Pavel Odintsov <pavel.odintsov@gmail.com>
> wrote:
>>
>> Hello, Nanog!
>>
>> I'm very pleased to present my open source DoS/DDoS attack monitoring
>> toolkit here!
>>
>> We have spent about 10 months on the development of FastNetMon and can
>> present a huge feature list now! :)
>>
>> Stop! What is FastNetMon?
>>
>> It's a really very fast toolkit which can find an attacked host in your
>> network and block it (or redirect it to a filtering appliance)
>>
>> This solution could save your network and your sleep :)
>>
>> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>>
>> We support the following engines for traffic capture:
>> - Netflow (v5, v9 and IPFIX)
>> - sFLOW v5
>> - port mirror/SPAN (PF_RING and netmap supported)
>>
>> We also have deep integration with ExaBGP (huge thanks to Thomas
>> Mangin) for triggering a blackhole on the Core Router or upstream.
>>
>> Since version 1.0 we have added support for the following features:
>> - Ability to detect the most popular attack types: syn_flood, icmp_flood,
>> udp_flood, ip_fragmentation_flood
>> - Add support for Netmap for Linux (we have prepared a special driver
>> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
>> and FreeBSD.
>> - Add support for PF_RING ZC (very fast but needs a license from the ntop folks)
>> - Add ability to collect netflow v9/IPFIX data from multiple devices
>> with different template sets
>> - Basic support for IPv6 (we could receive netflow data over IPv6)
>> - Add plugin support for capture engines
>> - Add support of L2TP decapsulation (important for DDoS attack
>> detection inside tunnel)
>> - Add ability to store attack details in Redis
>> - Add Graphite/Grafana integration for traffic visualization
>> - Add systemd unit file
>> - Add ability to unblock host after some timeout
>> - Introduce support of moving average for all counters
>> - Add ExaBGP integration. We can announce an attacked host with BGP to
>> the border router or uplink
>> - Add a lot of details to the attack report
>> - Add ability to store attack fingerprint in a file
>>
>> We have complete support for the following platforms:
>> - Fedora 21
>> - Debian 6, 7, 8
>> - CentOS 6, 7
>> - FreeBSD 9, 10, 11
>> - DragonflyBSD 4
>> - MacOS X 10.10
>>
>> On the network equipment side, we have tested the solution with:
>> - Cisco ASR
>> - Juniper MX
>> - Extreme Summit
>> - ipt_NETFLOW Linux
>>
>> We have binary packages for these operating systems:
>> - CentOS 6:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
>> - CentOS 7:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
>> - Fedora 21:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
>> - FreeBSD:
>> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>>
>> For any other operating systems we recommend the automatic installer
>> script:
>> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>>
>> Please join our mailing list or ask about anything here
>> https://groups.google.com/forum/#!forum/fastnetmon
>>
>> Thank you for your attention!
>>
>> --
>> Sincerely yours, Pavel Odintsov
>
>
>
>
> --
> Met vriendelijke groeten / With kind regards,
> Johan Kooijman



-- 
Sincerely yours, Pavel Odintsov
