This post is from our awesome Community member – Vicente De Luca! 🙂
At my company our /32 targets do not have a pre-defined bandwidth rate limit, which means it is hard to work only based on configured thresholds to set bans. A major part of our traffic is serving HTTPS to the world, and sometimes multiple customers share a single IP, making it even harder to work with thresholds only.
With that said, I’ve been working over the last months on fine-tuning an ecosystem to help us firefight DDoS, where FastNetMon is the main core along with other open source projects that are helping me learn traffic, find anomalies, avoid false positives, and then finally YES, send notifications and trigger mitigation techniques.
If you find this interesting, feel free to pass by my GitHub.
PRs and contributions are more than welcome.
Vicente De Luca