Hello, folks! We have added second killer feature! Since now we could block only attacker’s traffic to certain hosts in your subnet with awesome BGP Flow Spec. Yes! We do not block whole host! We only block attackers! We have full support for mitigation of most popular attack types: – DNS amplification (we drop all Read more about BGP Flow Spec support / RFC 5575 have arrived to FastNetMon![…]
Hello, folks! We spend whole month for this feature and I would like to offer it here! Since now we could do Deep Packet Inspection for attack fingerprints! 🙂 Very big thanks to nDPI folks which could do nice platform for this task! So, instead of very less informative logs like:
|
1 |
2015-07-29 22:31:34.081626 188.40.35.183:80 > 37.190.50.41:18037 protocol: tcp flags: syn,ack frag: 0 packets: 1 size: 74 bytes ttl: 0 sample ratio: 1 |
We could generate Read more about DPI support have arrived for FastNetMon![…]
Hello, Community! Nice news about new features! Since commit. we could collect 500 packets with full payload to the .pcap file dump for future investigation with tcpdump/wireshark. This option could be used only for mirror ports with netmap or PF_RING. Feature could be enabled with this option:
|
1 |
collect_attack_pcap_dumps = on |
Feedback are welcome!
Hello, my Lovely Community! Today I want to offer new awesome feature! Since now you could add any number of subnet groups and specify custom thresholds for they. Actually! We did it! Please add host groups to your configuration file /etc/fastnetmon.conf:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# We could create group of hosts with non standard thresholds # You should create this groups before (in configuration file) specifying any limits hostgroup = my_hosts:10.10.10.221/32,10.10.10.222/32 # Configure this group my_hosts_enable_ban = no my_hosts_ban_for_pps = no my_hosts_ban_for_bandwidth = no my_hosts_ban_for_flows = no my_hosts_threshold_pps = 20000 my_hosts_threshold_mbps = 1000 my_hosts_threshold_flows = 3500 |
But please be aware! You could specify only subnets explicitly mentioned in /etc/networks_list. Read more about New function in FastNetMon – per subnet thresholds![…]