[180445] in North American Network Operators' Group
Re: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation
daemon@ATHENA.MIT.EDU (Pavel Odintsov)
Wed Jun 3 10:52:32 2015
In-Reply-To: <CADgGeugW0AoWJ0x-zVc78gqfYvezigOP0HtH0oLa8jVjWjXCtg@mail.gmail.com>
Date: Wed, 3 Jun 2015 17:52:25 +0300
From: Pavel Odintsov <pavel.odintsov@gmail.com>
To: Budiwijaya <bbuuddiiww@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>

Hello!

Thank you! Please share your experience after tests!

On Wed, Jun 3, 2015 at 5:50 PM, Budiwijaya <bbuuddiiww@gmail.com> wrote:
> Yep, definitely I'll give this a trial run.
> We are developing a nullroute application internally.
> I'll try to run this in our lab.
>
> On Wed, Jun 3, 2015 at 3:16 AM, Pavel Odintsov <pavel.odintsov@gmail.com> wrote:
>> Hello, Nanog!
>>
>> I'm very pleased to present my open source DoS/DDoS attack monitoring
>> toolkit here!
>>
>> We have spent about 10 months on the development of FastNetMon and can
>> present a huge feature list now! :)
>>
>> Stop! What is FastNetMon?
>>
>> It's a really very fast toolkit which can find an attacked host in your
>> network and block it (or redirect it to a filtering appliance)
>>
>> This solution could save your network and your sleep :)
>>
>> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>>
>> We support the following engines for traffic capture:
>> - Netflow (v5, v9 and IPFIX)
>> - sFLOW v5
>> - port mirror/SPAN (PF_RING and netmap supported)
>>
>> Also we have deep integration with ExaBGP (huge thanks to Thomas
>> Mangin) for triggering blackhole on the Core Router or upstream.
>>
>> Since version 1.0 we have added support for the following features:
>> - Ability to detect most popular attack types: syn_flood, icmp_flood,
>> udp_flood, ip_fragmentation_flood
>> - Add support for Netmap for Linux (we have prepared special driver
>> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
>> and FreeBSD.
>> - Add support for PF_RING ZC (very fast but needs a license from the ntop folks)
>> - Add ability to collect netflow v9/IPFIX data from multiple devices
>> with different template sets
>> - Basic support for IPv6 (we can receive netflow data over IPv6)
>> - Add plugin support for capture engines
>> - Add support of L2TP decapsulation (important for DDoS attack
>> detection inside tunnel)
>> - Add ability to store attack details in Redis
>> - Add Graphite/Grafana integration for traffic visualization
>> - Add systemd unit file
>> - Add ability to unblock host after some timeout
>> - Introduce support of moving average for all counters
>> - Add ExaBGP integration. We can announce an attacked host with BGP to
>> border router or uplink
>> - Add so many details to the attack report
>> - Add ability to store attack fingerprint in file
>>
>> We have complete support for the following platforms:
>> - Fedora 21
>> - Debian 6, 7, 8
>> - CentOS 6, 7
>> - FreeBSD 9, 10, 11
>> - DragonflyBSD 4
>> - MacOS X 10.10
>>
>> From the network equipment side we have tested the solution with:
>> - Cisco ASR
>> - Juniper MX
>> - Extreme Summit
>> - ipt_NETFLOW Linux
>>
>> We have binary packages for these operating systems:
>> - CentOS 6: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
>> - CentOS 7: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
>> - Fedora 21: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
>> - FreeBSD: https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>>
>> For any other operating systems we recommend the automatic installer
>> script: https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>>
>> Please join our mailing list or ask about anything here
>> https://groups.google.com/forum/#!forum/fastnetmon
>>
>> Thank you for your attention!
>>
>> --
>> Sincerely yours, Pavel Odintsov
--
Sincerely yours, Pavel Odintsov