Performance optimization. Add debug tools for netflow and pcap. Fix compatibility issues with FreeBSD and Mac OS X. Add subnet which attacked IP belongs to.
We have spent about 10 months for development of FastNetMon and could
present huge feature list now! :)
Stop! What is FastNetMon?
It's really very fast toolkit which could find attacked host in your
network and block it (or redirect to filtering appliance)
This solution could save your network and your sleep :)
Our site located here: https://fastnetmon.com
We support following engines for traffic capture:
- Netflow (v5, v9 and IPFIX)
- sFLOW v5
- port mirror/SPAN (PF_RING and netmap supported)
Also we have deep integration with ExaBGP (huge thanks to Thomas
Mangin) for triggering blackhole on the Core Router or upstream.
Since 1.0 version we have added support for following features:
- Ability to detect most popular attack types: syn_flood, icmp_flood,
udp_flood, ip_fragmentation_flood - Add support for Netmap for Linux (we have prepared special driver
for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
and FreeBSD. - Add support for PF_RING ZC (very fast but need license from ntop folks)
- Add ability to collect netflow v9/IPFIX data from multiple devices
with different templates set - Basic support for IPv6 (we could receive netflow data over IPv6)
- Add plugin support for capture engines
- Add support of L2TP decapsulation (important for DDoS attack
detection inside tunnel) - Add ability to store attack details in Redis
- Add Graphite/Grafana integration for traffic visualization
- Add systemd unit file
- Add ability to unblock host after some timeout
- Introduce support of moving average for all counters
- Add ExaBGP integration. We could announce attacked host with BGP to
border router or uplink - Add so much details in attack report
- Add ability to store attack fingerprint in file
We have complete support for following platforms:
- Fedora 21
- Debian 6, 7, 8
- CentOS 6, 7
- FreeBSD 9, 10, 11
- DragonflyBSD 4
- MacOS X 10.10
From network equipment side we have tested solution with:
- Cisco ASR
- Juniper MX
- Extreme Summit
- ipt_NETFLOW Linux
For any other operation systems we recommend automatic installer
script: https://github.com/pavel-odintsov/fastnetmon/blob/master/docs/INSTALL.md
Please join to our mail list or ask about anything here
https://groups.google.com/forum/#!forum/fastnetmon
Known bugs: