[AusNOG] FastNetMon - open source solution for DoS/DDoS mitigation

Pavel Odintsov pavel.odintsov at gmail.com
Wed Jul 1 21:23:50 EST 2015


Hello, Folks!

I would like to offer some help with DDoS mitigation to the Australian
Network Community.

So many networks are hit by DDoS attacks every day and disturb your
(awesome NOC Engineer!) sleep.

And I have a solution for keeping NOC engineers' sleep safe :)

Here you go! https://github.com/FastVPSEestiOu/fastnetmon

Stop! What is FastNetMon?

It's a really very fast toolkit which can find the attacked host in your
network and block it (or redirect it to a filtering appliance).

We support the following engines for traffic capture:
- NetFlow (v5, v9 and IPFIX)
- sFlow v4 (dev branch), v5
- port mirror/SPAN (PF_RING and netmap supported)

So awesome! Isn't it?

Here you can get a VyOS appliance with bundled FastNetMon and start
testing right now!
https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/VYOS_BINARY_ISO_IMAGE.md

Also we have deep integration with ExaBGP (huge thanks to Thomas
Mangin) for triggering a blackhole on the core router or upstream.

Since version 1.0 we have added support for the following features:
- Ability to detect the most popular attack types: syn_flood, icmp_flood,
udp_flood, ip_fragmentation_flood
- Added support for netmap on Linux (we have prepared a special driver
for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
and FreeBSD.
- Added support for PF_RING ZC (very fast but needs a license from the ntop folks)
- Added the ability to collect NetFlow v9/IPFIX data from multiple devices
with different template sets
- Basic support for IPv6 (we can receive NetFlow data over IPv6)
- Added plugin support for capture engines
- Added support for L2TP decapsulation (important for DDoS attack
detection inside tunnels)
- Added the ability to store attack details in Redis
- Added Graphite/Grafana integration for traffic visualization
- Added a systemd unit file
- Added the ability to unblock a host after a timeout
- Introduced support for moving averages for all counters
- Added ExaBGP integration. We can announce the attacked host via BGP to
the border router or uplink
- Added many more details to the attack report
- Added the ability to store the attack fingerprint in a file

We have complete support for the following platforms:
- Fedora 21
- Debian 6, 7, 8
- CentOS 6, 7
- FreeBSD 9, 10, 11
- DragonflyBSD 4
- MacOS X 10.10

From the network equipment side, we have tested the solution with:
- Cisco ASR
- Juniper MX
- Extreme Summit
- ipt_NETFLOW Linux

We have binary packages for all popular distributions. But the toolkit is
under heavy development now and we release new features every day!

So, we recommend using the automatic installer
script because it offers the ability to switch to the developer branch quickly:
https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md

Please join our mailing list or ask about anything here:
https://groups.google.com/forum/#!forum/fastnetmon

Thank you for your attention!

-- 
Sincerely yours, Pavel Odintsov
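As an added illustration, not FastNetMon's own code, of the detection loop the announcement describes: flow records are aggregated per destination host, smoothed with a moving average, classified into one of the four named flood types by the dominant packet class, and a banned host is released again after a timeout (where a real deployment would announce and later withdraw a blackhole via ExaBGP). The flow records, the 50k pps threshold and the 1800-second unblock period are constructed assumptions.

```python
from collections import defaultdict
# Constructed flow records covering one second: (dst_ip, proto, tcp_flags, is_fragment, packets).
# proto 6=TCP, 17=UDP, 1=ICMP; fields mimic a NetFlow v5 record, not real exporter output.
SAMPLE_FLOWS = [
    ("203.0.113.10", 6, 0x02, False, 60000),  # SYN-only segments towards one host
    ("203.0.113.10", 6, 0x02, False, 55000),
    ("203.0.113.10", 17, 0x00, False, 2000),
    ("203.0.113.20", 17, 0x00, False, 800),   # ordinary traffic to another host
    ("203.0.113.20", 6, 0x18, False, 1200),
]
PPS_THRESHOLD = 50_000  # assumed per-host packets/second ban threshold
ALPHA = 0.5             # weight of the newest interval in the exponential moving average
UNBLOCK_AFTER = 1800    # assumed seconds before a banned host is released
NAMES = dict(syn="syn_flood", udp="udp_flood", icmp="icmp_flood", frag="ip_fragmentation_flood")

def aggregate(flows):
    """Sum packets per destination, split into the classes the four flood types are built from."""
    stats = defaultdict(lambda: dict(syn=0, udp=0, icmp=0, frag=0, total=0))
    for dst, proto, flags, frag, pkts in flows:
        kind = ("frag" if frag else "syn" if proto == 6 and flags == 0x02  # SYN without ACK
                else "udp" if proto == 17 else "icmp" if proto == 1 else None)
        stats[dst]["total"] += pkts
        if kind:
            stats[dst][kind] += pkts
    return dict(stats)

def classify(s):
    """Name the flood after the dominant packet class; 'unknown' if nothing dominates."""
    kind = max(NAMES, key=lambda k: s[k])
    return NAMES[kind] if s[kind] >= 0.5 * s["total"] else "unknown"

class Detector:
    def __init__(self):
        self.avg_pps = {}  # dst -> smoothed packets/second
        self.banned = {}   # dst -> epoch time when the block is lifted

    def process(self, flows, now):
        """One collection interval: lift expired bans, then ban hosts whose average exceeds the threshold."""
        actions = []
        for host, until in list(self.banned.items()):
            if now >= until:
                del self.banned[host]
                actions.append(("unban", host, "timeout"))  # withdraw the BGP announce here
        for dst, s in aggregate(flows).items():
            prev = self.avg_pps.get(dst, 0.0)  # the moving average smooths interval-to-interval spikes
            self.avg_pps[dst] = ALPHA * s["total"] + (1 - ALPHA) * prev
            if self.avg_pps[dst] > PPS_THRESHOLD and dst not in self.banned:
                self.banned[dst] = now + UNBLOCK_AFTER
                actions.append(("ban", dst, classify(s)))  # announce the /32 blackhole here
        return actions
```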

