{"id":1056,"date":"2015-06-19T01:26:28","date_gmt":"2015-06-19T01:26:28","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=1056"},"modified":"2015-06-19T01:26:28","modified_gmt":"2015-06-19T01:26:28","slug":"fastnetmon-very-fast-ddos-analyzer-with-sflownetflowmirror-support","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=1056","title":{"rendered":"FastNetMon &#8211; Very Fast DDoS Analyzer with Sflow\/Netflow\/Mirror Support"},"content":{"rendered":"<p><strong>FastNetMon<\/strong> &#8211; A high performance DoS\/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP).<br \/>\nWhat can we do? We can detect hosts in our own network with a large number of packets per second, bytes per second or flows per second, incoming or outgoing. And we can call an external script which can notify you, switch off a server or blackhole the client.<\/p>\n<div><b><span class=\"Apple-style-span\">FastNetMon DDoS Analyzer\u00a0Features:<\/span><\/b><\/div>\n<ul>\n<li>Can process incoming and outgoing traffic<\/li>\n<li>Can trigger a block script if a certain IP loads the network with a large number of packets\/bytes\/flows per second<\/li>\n<li>Can <a href=\"https:\/\/github.com\/FastVPSEestiOu\/fastnetmon\/blob\/master\/docs\/EXABGP_INTEGRATION.md\">announce blocked IPs<\/a> to a BGP router with <a href=\"https:\/\/github.com\/Exa-Networks\/exabgp\">ExaBGP<\/a><\/li>\n<li>Integrates with <a href=\"https:\/\/github.com\/FastVPSEestiOu\/fastnetmon\/blob\/master\/docs\/GRAPHITE_INTEGRATION.md\">Graphite<\/a><\/li>\n<li>netmap support (open source; wire speed processing; only Intel hardware NICs or any hypervisor VM type)<\/li>\n<li>Supports L2TP decapsulation, VLAN untagging and MPLS processing in mirror mode<\/li>\n<li>Can work on server\/soft-router<\/li>\n<li>Can detect DoS\/DDoS in 1-2 seconds<\/li>\n<li>Tested up to 10GE with 5-6 Mpps on Intel i7 2600 with Intel NIC 82599<\/li>\n<li>Complete plugin support<\/li>\n<li>Has <a href=\"https:\/\/github.com\/FastVPSEestiOu\/fastnetmon\/blob\/master\/docs\/DETECTED_ATTACK_TYPES.md\">complete support<\/a> for most popular attack types<\/li>\n<\/ul>\n<div><\/div>\n<div><b><span class=\"Apple-style-span\">Supported platforms:<\/span><\/b><\/div>\n<ul>\n<li>Linux (Debian 6\/7\/8, CentOS 6\/7, Ubuntu 12+)<\/li>\n<li>FreeBSD 9, 10, 11<\/li>\n<li>Mac OS X Yosemite<\/li>\n<\/ul>\n<div>What is a &#8220;flow&#8221; in FastNetMon terms? It&#8217;s one or multiple UDP, TCP or ICMP connections with a unique src IP, dst IP, src port, dst port and protocol.<\/div>\n<div><\/div>\n<div>Example of CPU load on an Intel i7 2600 with an Intel X540\/82599 NIC at 400 kpps:<\/div>\n<div><\/div>\n<div class=\"separator\"><a href=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2015\/06\/fastnetmon_stats.png\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-1057\" src=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2015\/06\/fastnetmon_stats.png\" alt=\"fastnetmon_stats\" width=\"556\" height=\"198\" \/><\/a><\/div>\n<p><strong>Example deployment scheme:<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2015\/06\/network_map.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-1059\" src=\"http:\/\/www.pir8geek.com\/wp-content\/uploads\/2015\/06\/network_map.png\" alt=\"network_map\" width=\"716\" height=\"341\" \/><\/a><\/li>\n<li>To enable <strong>sFLOW<\/strong>, simply specify the IP of the server with FastNetMon installed and specify <em><strong>port 6343<\/strong><\/em>.<\/li>\n<li>To enable <strong>netflow<\/strong>, simply specify the IP of the server with FastNetMon installed and specify <em><strong>port 2055.<\/strong><\/em><\/li>\n<\/ul>\n<p style=\"text-align: center;\">\n<b><span class=\"Apple-style-span\"><a href=\"https:\/\/github.com\/FastVPSEestiOu\/fastnetmon\" target=\"_blank\" rel=\"noopener noreferrer\">Download\u00a0FastNetMon<\/a><\/span><\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FastNetMon &#8211; A high performance DoS\/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP). What can we do? We can detect hosts in our own network with a large number of packets per second, bytes per second or flows per second, incoming or outgoing. And<\/p>\n","protected":false},"author":1,"featured_media":1059,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[491],"tags":[489,490],"class_list":["post-1056","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-stress-testing","tag-ddos","tag-dos"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/1056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1056"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/1056\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}