DNS

BGP Flow Spec support / RFC 5575 has arrived in FastNetMon!

Hello, folks! We have added a second killer feature! From now on, we can block only the attacker's traffic to certain hosts in your subnet with the awesome BGP Flow Spec. Yes! We do not block the whole host! We only block attackers! We have full support for mitigation of the most popular attack types: – DNS amplification (we drop all […]

DNS

DPI support has arrived for FastNetMon!

Hello, folks! We spent a whole month on this feature and I would like to offer it here! From now on, we can do Deep Packet Inspection for attack fingerprints! 🙂 Very big thanks to the nDPI folks, who built a nice platform for this task! So, instead of very uninformative logs like:

We could generate […]

PF_RING

New option added – collection of attack fingerprints in pcap format

Hello, Community! Nice news about new features! Since commit. we can collect 500 packets with full payload into a .pcap dump file for later investigation with tcpdump/wireshark. This option can be used only for mirror ports with netmap or PF_RING. The feature can be enabled with this option:

Feedback is welcome!

host groups

New function in FastNetMon – per subnet thresholds!

Hello, my Lovely Community! Today I want to offer an awesome new feature! From now on, you can add any number of subnet groups and specify custom thresholds for them. Actually! We did it! Please add host groups to your configuration file /etc/fastnetmon.conf:

But please be aware! You can specify only subnets explicitly mentioned in /etc/networks_list. […]