[GTER] Fwd: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation

Guilherme de Freitas Figueiredo gff at wkve.com.br
Fri Jun 5 09:39:02 -03 2015


I'm using it here, integrated with Graphite and Grafana, and it works very well;
the hard part is finding an average of packets, Mbps and flows for it to be
detected as an "attack".


On Thu, Jun 4, 2015 at 15:04, Rubens Kuhl <rubensk at gmail.com> wrote:

> Very interesting project...
>
>
> Rubens
>
> ---------- Forwarded message ----------
> From: Pavel Odintsov <pavel.odintsov at gmail.com>
> Date: Tue, Jun 2, 2015 at 5:16 PM
> Subject: FastNetMon 1.1.2 - open source solution for DoS/DDoS mitigation
> To: "nanog at nanog.org" <nanog at nanog.org>
>
>
> Hello, Nanog!
>
> I'm very pleased to present my open source DoS/DDoS attack monitoring
> toolkit here!
>
> We have spent about 10 months on the development of FastNetMon and can
> present a huge feature list now! :)
>
> Stop! What is FastNetMon?
>
> It's a really very fast toolkit which can find an attacked host in your
> network and block it (or redirect it to a filtering appliance)
>
> This solution could save your network and your sleep :)
>
> Our site is located here: https://github.com/FastVPSEestiOu/fastnetmon
>
> We support the following engines for traffic capture:
> - Netflow (v5, v9 and IPFIX)
> - sFLOW v5
> - port mirror/SPAN (PF_RING and netmap supported)
>
> Also we have deep integration with ExaBGP (huge thanks to Thomas
> Mangin) for triggering blackhole on the Core Router or upstream.
>
> Since version 1.0 we have added support for the following features:
> - Ability to detect most popular attack types: syn_flood, icmp_flood,
> udp_flood, ip_fragmentation_flood
> - Add support for Netmap for Linux (we have prepared special driver
> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
> and FreeBSD.
> - Add support for PF_RING ZC (very fast but needs a license from ntop folks)
> - Add ability to collect netflow v9/IPFIX data from multiple devices
> with different templates set
> - Basic support for IPv6 (we could receive netflow data over IPv6)
> - Add plugin support for capture engines
> - Add support of L2TP decapsulation (important for DDoS attack
> detection inside tunnel)
> - Add ability to store attack details in Redis
> - Add Graphite/Grafana integration for traffic visualization
> - Add systemd unit file
> - Add ability to unblock host after some timeout
> - Introduce support of moving average for all counters
> - Add ExaBGP integration. We could announce attacked host with BGP to
> border router or uplink
> - Add so many details in attack report
> - Add ability to store attack fingerprint in file
>
> We have complete support for the following platforms:
> - Fedora 21
> - Debian 6, 7, 8
> - CentOS 6, 7
> - FreeBSD 9, 10, 11
> - DragonflyBSD 4
> - MacOS X 10.10
>
> On the network equipment side we have tested the solution with:
> - Cisco ASR
> - Juniper MX
> - Extreme Summit
> - ipt_NETFLOW Linux
>
> We have binary packages for these operating systems:
> - CentOS 6:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS6
> - CentOS 7:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/CentOS7
> - Fedora 21:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/packages/Fedora21
> - FreeBSD:
> https://github.com/FastVPSEestiOu/fastnetmon/tree/master/src/FreeBSD_port
>
> For any other operating systems we recommend the automatic installer
> script:
> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>
> Please join our mailing list or ask about anything here
> https://groups.google.com/forum/#!forum/fastnetmon
>
> Thank you for your attention!
>
> --
> Sincerely yours, Pavel Odintsov
> --
> gter list    https://eng.registro.br/mailman/listinfo/gter
>
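
The tuning problem raised in the reply at the top of this message (choosing the packet, Mbps and flow levels that should count as an attack), as an added example that is not part of the thread or of FastNetMon's code: it derives per-host thresholds from a baseline and compares raw against moving-average detection. All sample numbers, the smoothing factor and the headroom rule are assumptions for illustration, not FastNetMon's algorithm.

```python
# Added example: baseline-derived thresholds for packets/s, Mbps and flows/s.
# All numbers are constructed. The EMA smoothing and the "smoothed peak x
# headroom" rule are assumptions for illustration, not FastNetMon's algorithm.
import math

ALPHA = 0.5      # assumed smoothing factor: weight of the newest sample
HEADROOM = 2.0   # assumed safety margin above the smoothed baseline peak

# Constructed per-host baseline from a normal period, one sample per interval.
BASELINE = {
    "pps":   [1000, 1200, 800, 1600, 1000],
    "mbps":  [8, 10, 6, 12, 8],
    "flows": [40, 60, 40, 80, 40],
}

def ema(samples, alpha=ALPHA):
    """Exponential moving average series, seeded with the first sample."""
    avg, out = samples[0], []
    for s in samples:
        avg = alpha * s + (1 - alpha) * avg
        out.append(avg)
    return out

def suggest_thresholds(baseline, headroom=HEADROOM):
    """Per-metric threshold: peak of the smoothed baseline times headroom."""
    return {m: math.ceil(max(ema(v)) * headroom) for m, v in baseline.items()}

def first_alert(samples, threshold, alpha=ALPHA):
    """Index of the first interval whose smoothed value exceeds the threshold."""
    for i, value in enumerate(ema(samples, alpha)):
        if value > threshold:
            return i
    return None

# Constructed trace: one short burst (index 1), then a sustained flood (4..6).
TRACE_PPS = [1000, 4000, 1000, 1000, 5000, 6000, 6000]

if __name__ == "__main__":
    limits = suggest_thresholds(BASELINE)
    print("suggested thresholds:", limits)
    # alpha=1.0 disables smoothing, i.e. compares raw samples to the threshold.
    print("raw alert at interval:", first_alert(TRACE_PPS, limits["pps"], alpha=1.0))
    print("smoothed alert at interval:", first_alert(TRACE_PPS, limits["pps"]))
```

The single-interval burst crosses the raw threshold but not the smoothed one, while the sustained flood trips the smoothed check on its first interval; a smaller smoothing factor suppresses more bursts at the cost of later detection.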


