[AusNOG] FastNetMon - open source solution for DoS/DDoS mitigation

Pavel Odintsov pavel.odintsov at gmail.com
Wed Jul 1 21:31:12 EST 2015


Thanks, Matt, for the nice feedback! If you have any ideas or issues for
the project, you could ask me directly :)

On Wed, Jul 1, 2015 at 2:29 PM, Matt Perkins <matt at spectrum.com.au> wrote:
> Pavel posted this to NANOG a few weeks back and we have been testing ever since. Worth a try. We don't have it doing more than email alerts but so far results are promising.
>
> Matt
>
>
>
> --
> /* Matt Perkins
>        Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>        Office 1300 133 299     matt at spectrum.com.au
>        Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>       SIP 1300137379 at sip.spectrum.com.au
>        Google Talk MattAPerkins at gmail.com
>        PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
> */
>
>> On 1 Jul 2015, at 9:23 pm, Pavel Odintsov <pavel.odintsov at gmail.com> wrote:
>>
>> Hello, Folks!
>>
>> I would like to offer some help with DDoS mitigation to the Australian
>> Network Community.
>>
>> So many networks are hit by DDoS attacks every day, and they disturb your
>> (awesome NOC engineer!) sleep.
>>
>> And I have a solution for keeping NOC engineers' sleep safe :)
>>
>> Here you go! https://github.com/FastVPSEestiOu/fastnetmon
>>
>> Stop! What is FastNetMon?
>>
>> It's a really very fast toolkit which can find an attacked host in your
>> network and block it (or redirect it to a filtering appliance)
>>
>> We support the following engines for traffic capture:
>> - Netflow (v5, v9 and IPFIX)
>> - sFLOW v4 (dev branch), v5
>> - port mirror/SPAN (PF_RING and netmap supported)
>>
>> So awesome! Isn't it?
>>
>> Here you can get a VyOS appliance with bundled FastNetMon and start
>> testing right now:
>> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/VYOS_BINARY_ISO_IMAGE.md
>> !
>>
>> Also, we have deep integration with ExaBGP (huge thanks to Thomas
>> Mangin) for triggering a blackhole on the core router or upstream.
>>
>> Since version 1.0 we have added support for the following features:
>> - Ability to detect most popular attack types: syn_flood, icmp_flood,
>> udp_flood, ip_fragmentation_flood
>> - Add support for Netmap for Linux (we have prepared special driver
>> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
>> and FreeBSD.
>> - Add support for PF_RING ZC (very fast but needs a license from the ntop folks)
>> - Add ability to collect netflow v9/IPFIX data from multiple devices
>> with different template sets
>> - Basic support for IPv6 (we could receive netflow data over IPv6)
>> - Add plugin support for capture engines
>> - Add support of L2TP decapsulation (important for DDoS attack
>> detection inside tunnel)
>> - Add ability to store attack details in Redis
>> - Add Graphite/Grafana integration for traffic visualization
>> - Add systemd unit file
>> - Add ability to unblock host after some timeout
>> - Introduce support of moving average for all counters
>> - Add ExaBGP integration. We could announce attacked host with BGP to
>> border router or uplink
>> - Add so many details to the attack report
>> - Add ability to store attack fingerprint in file
>>
>> We have complete support for the following platforms:
>> - Fedora 21
>> - Debian 6, 7, 8
>> - CentOS 6, 7
>> - FreeBSD 9, 10, 11
>> - DragonflyBSD 4
>> - MacOS X 10.10
>>
>> From the network equipment side we have tested the solution with:
>> - Cisco ASR
>> - Juniper MX
>> - Extreme Summit
>> - ipt_NETFLOW Linux
>>
>> We have binary packages for all popular distributions. But the toolkit is
>> under heavy development now and we release new features every day!
>>
>> So, we recommend using the automatic installer
>> script because it offers the ability to switch to the developer branch quickly:
>> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
>>
>> Please join our mailing list or ask about anything here
>> https://groups.google.com/forum/#!forum/fastnetmon
>>
>> Thank you for your attention!
>>
>> --
>> Sincerely yours, Pavel Odintsov



-- 
Sincerely yours, Pavel Odintsov

