2018-04-24 19:45:39 +00:00
Community Edition
2013-11-14 08:23:10 +00:00
===========
2022-02-10 13:38:13 +00:00
FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFlow, AF_PACKET, Netmap, PCAP).
2015-03-10 22:38:10 +00:00
2018-03-01 19:33:13 +00:00
What do we do?
--------------
We detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows, per second and
perform a configurable action to handle that event. These configurable actions include notifying you, switching off the server, or blackholing the client.
2015-06-15 09:59:12 +00:00
2018-09-03 09:29:25 +00:00
Flow is one or more ICMP, UDP, or TCP packets which can be identified via their unique src IP, dst IP, src port, dst port, and protocol fields.
2018-03-01 19:33:13 +00:00
2015-10-06 15:37:27 +00:00
Project
-------
2017-07-30 13:01:24 +00:00
- [Official site ](https://fastnetmon.com )
2018-03-01 19:33:13 +00:00
- [FastNetMon Advanced, Commercial Edition ](https://fastnetmon.com/fastnetmon-advanced/ )
2019-04-13 23:38:18 +00:00
- [FastNetMon Advanced and Community difference table ](https://fastnetmon.com/compare-community-and-advanced/ )
2022-02-10 13:38:13 +00:00
- Detailed reference: [link ](https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Ffastnetmon.com%2Fwp-content%2Fuploads%2F2017%2F07%2FFastNetMon_Reference_Russian.pdf )
2018-10-06 12:18:42 +00:00
2015-10-06 15:37:27 +00:00
Supported packet capture engines
--------------------------------
2015-03-23 10:39:08 +00:00
- NetFlow v5, v9
- IPFIX
2019-07-11 20:00:33 +00:00
-  v4, v5
- PCAP
- AF_PACKET
- Netmap
- SnabbSwitch (experimental)
- PF_RING / PF_RING ZC (obsoleted, not recommented, please use AF_PACKET instead)
2015-03-23 10:37:29 +00:00
2017-12-03 12:21:04 +00:00
You can check out the [comparison table ](https://fastnetmon.com/docs/capture_backends/ ) for all available packet capture engines.
2015-04-28 19:39:08 +00:00
2022-02-10 13:38:13 +00:00
Official support groups:
-------
- [Mailing list ](https://groups.google.com/forum/#!forum/fastnetmon )
- [Slack ](https://join.slack.com/t/fastnetmon/shared_invite/MjM3NDUwNzY4NjA5LTE1MDQ4MzE5NTAtYmU4MjYyYWNiZQ )
- IRC: #fastnetmon at irc.freenode.net [web client ](https://webchat.freenode.net/ )
- Telegram: [fastnetmon ](https://t.me/fastnetmon )
Follow us at social media:
-------
- [Twitter ](https://twitter.com/fastnetmon )
- [LinkedIn ](https://www.linkedin.com/company/fastnetmon/ )
- [Facebook ](https://www.facebook.com/fastnetmon/ )
2018-03-01 19:33:13 +00:00
Complete integration with the following vendors
2016-07-27 07:25:16 +00:00
--------------------------------
2018-12-06 22:00:01 +00:00
- [Juniper integration ](src/juniper_plugin )
2016-07-28 14:54:16 +00:00
- [A10 Networks Thunder TPS Appliance integration ](src/a10_plugin )
2022-02-10 13:38:13 +00:00
- [MikroTik RouterOS ](src/mikrotik_plugin )
2016-07-27 07:25:16 +00:00
2015-10-06 15:37:27 +00:00
Features
--------
2022-02-10 13:38:13 +00:00
- Detects DoS/DDoS in as little as 1-2 seconds
- Scales up to terabits on single server (sFlow, Netflow, IPFIX) or to 40G + in mirror mode
2016-05-25 14:46:50 +00:00
- Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
2022-02-10 13:38:13 +00:00
- [Complete support ](https://fastnetmon.com/docs/detected_attack_types/ ) for most popular attack types
- Thresholds can be configured per-subnet basis with the hostgroups feature
2022-02-10 13:38:13 +00:00
- Announce blocked IPs via BGP to routers with [ExaBGP ](https://fastnetmon.com/docs/exabgp_integration/ ) or [GoBGP ](https://fastnetmon.com/docs/gobgp-integration/ )
2017-12-03 12:40:58 +00:00
- Full integration with [Graphite ](https://fastnetmon.com/docs/graphite_integration/ ) and [InfluxDB ](https://fastnetmon.com/docs/influxdb_integration/ )
2022-02-10 13:38:13 +00:00
- [API ](https://fastnetmon.com/docs/fastnetmon-community-api/ )
2017-12-03 13:08:51 +00:00
- [Redis ](https://fastnetmon.com/docs/redis/ ) integration
2017-12-03 13:05:39 +00:00
- [MongoDB ](https://fastnetmon.com/docs/mongodb/ ) integration
2022-02-10 13:38:13 +00:00
- Netmap support (wire speed processing; only Intel hardware NICs or any hypervisor VM type)
- Supports L2TP decapsulation, VLAN untagging in mirror mode
2018-03-01 19:33:13 +00:00
- Complete plug-in support
- Capture attack fingerprints in PCAP format
2022-02-10 13:38:13 +00:00
- Experimental [BGP Flow Spec support ](https://fastnetmon.com/docs/bgp_flow_spec/ ), RFC 5575
2014-11-22 13:17:26 +00:00
2015-10-06 15:37:27 +00:00
Running Fastnetmon
------------------
### Supported platforms
2022-02-10 13:38:13 +00:00
- Linux (Debian, CentOS, Ubuntu), [install instructions ](https://fastnetmon.com/install/ )
2019-07-11 20:01:48 +00:00
- FreeBSD: [official port ](https://www.freshports.org/net-mgmt/fastnetmon/ ).
2015-05-18 22:14:27 +00:00
2016-08-20 12:15:01 +00:00
### Hardware requirements
2022-02-10 13:38:13 +00:00
- At least 1 GB of RAM
2016-08-20 12:15:01 +00:00
2015-10-06 15:37:27 +00:00
### Router integration instructions
2017-12-03 13:11:26 +00:00
- [Juniper MX Routers ](https://fastnetmon.com/docs/junos_integration/ )
2015-07-22 20:07:33 +00:00
2015-10-06 15:37:27 +00:00
2018-03-01 19:33:13 +00:00
Screenshots
2015-10-06 15:37:27 +00:00
------------
2018-03-01 19:33:13 +00:00
Main program:
2014-06-08 10:30:03 +00:00
2015-03-22 10:45:52 +00:00
2014-06-08 10:29:37 +00:00
2014-11-22 13:17:26 +00:00
Example deployment scheme:
2019-04-16 07:17:26 +00:00
2014-11-14 20:43:00 +00:00
2018-03-01 19:33:13 +00:00
Example of [notification email ](https://fastnetmon.com/docs/attack_report_example/ ) about detected attack:
2014-12-02 13:42:40 +00:00
2017-12-03 12:25:13 +00:00
Author: [Pavel Odintsov ](http://uk.linkedin.com/in/podintsov/ )
