[AusNOG] What tool shows this?

Tom Paseka tom at cloudflare.com
Sat Feb 15 15:41:24 EST 2014


This is from UKNOF from a couple of days ago:

===
Hello,

Because :
 - Exa has been under attack way too much these last weeks
 - We hate to have to deal with it

Because:
 - Andrisoft seems cool but does not do FlowSpec
 - Arbor is known for its price (and features)
 - I am from Yorkshire (How much do you pay me to find bugs in your shinny
application ?)

Because:
 - We can ...
 - And people can not be bothered to fix the problem at source !

I have been working on making our internal tool ( Thank you Daniel )
something which can be built on and released to the community.
The repository is here: https://github.com/Exa-Networks/exaddos

The code is not even one week old but it can :
 - use SNMP to monitor your EBGP interfaces
 - parse IPFIX to find your top speakers
 - provide you the data in an HORRIBLE web page ( but all the rendering is
client side, so feel free to fix that !)

Now I would love some help ... I am NOT a web designer who find Javascript
easy (I can handle jquery and basic stuff but nice CSS is not my cup of
tea), so it will not look nice unless someone else make it so.

 I can provide the underlying data via JSON in whatever way one may need to
allow :
 - graphing of links
 - allow to drill down on top speakers to find proto / ports information
 - "one click" get rid of that DDOS for <IP> <proto>

I did some of this stuff with ExaProxy so I am not totally useless but god
knows it is not my strength !

So any help would be welcome, so I can go back on coding on BGP and not
DDOS.

Thomas

PS: I created a G+ community ExaDDOS .. I will try to add a mailing list
later on.
===

Enjoy :)


On Fri, Feb 14, 2014 at 8:28 PM, Jimmy <mupperoni at gmail.com> wrote:

> I wonder what network monitoring tool is this?[image: Inline images 1]
>
> Also what is a good network monitoring tool (open source preferred) that
> collects netflow data and can easily show a current traffic anomaly e.g. a
> ddos attack quickly and succinctly? The primary goal is to help me identify
> the traffic anomaly, if there's a certain IP address being targeted, etc.
>
> I am currently using ntop but I find it a little cumbersome and slow,
> although it's helpful, but it isn't giving me a nice output like the above.
>
> Thanks!
>
> Jimmy
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140214/afd871b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image006.png
Type: image/png
Size: 18270 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20140214/afd871b3/attachment.png>


More information about the AusNOG mailing list