Hello, DDoS Mitigation Community 🙂 I have more awesome news about FreeBSD! We have become part of the official FreeBSD port tree. My huge thanks to Babak Farrokhi for doing this job! Looking for testers for the new port! 🙂
Hello, my Dear Community! I would like to present the next significant step in FastNetMon development. We have added support for AF_PACKET. What is AF_PACKET? It's a standard Linux facility for really fast packet capture. You could read more in my article. We got the following features with AF_PACKET: We could capture traffic at really high speed (we Read more about AF_PACKET support arrived! You could run FastNetMon in mirror mode without external kernel modules[…]
Hello folks! I want to share new full and detailed documentation about the project: FastNetMon Reference Russian 🙂 So it's only in Russian now, sorry 🙁 But you could try to use Google Translate for Documents and upload this PDF to it. The translation result is pretty good and can be understood!
Hello, my Dear Community! Yesterday I received a nice feature request on GitHub. There are so many ideas there, but my favorite is “syslog logging”. So for really big instances or distributed deployments it will be a very useful thing. And I have implemented this feature. Finally, we have new configuration options here: logging:local_syslog_logging = no Read more about Local and remote syslog support have added[…]
Hello, folks! I want to share this information because you should know it and I do not want to break your privacy. I have added code which requests an external URL and passes your distribution type and version to my own VPS when you are installing FastNetMon. I have done it for two cases: Determine most Read more about Privacy and FastNetMon[…]
Hello, folks! If somebody likes InfluxDB like me, you could be interested in the latest update about this awesome database 🙂 You could find docs about it here. I have finished some tests and InfluxDB works perfectly and lightning fast! 😉 So the performance of InfluxDB and Graphite is discussable.
Hello, folks! We have added a second killer feature! From now on we could block only the attacker’s traffic to certain hosts in your subnet with awesome BGP Flow Spec. Yes! We do not block the whole host! We only block attackers! We have full support for mitigation of the most popular attack types: – DNS amplification (we drop all Read more about BGP Flow Spec support / RFC 5575 have arrived to FastNetMon![…]
Hello, folks! We spent a whole month on this feature and I would like to offer it here! From now on we could do Deep Packet Inspection for attack fingerprints! 🙂 Very big thanks to the nDPI folks, who made a nice platform for this task! So, instead of much less informative logs like: 2015-07-29 22:31:34.081626 22.214.171.124:80 > Read more about DPI support have arrived for FastNetMon![…]
Hello, Community! Nice news about new features! Since commit. we could collect 500 packets with full payload to the .pcap file dump for future investigation with tcpdump/wireshark. This option could be used only for mirror ports with netmap or PF_RING. The feature could be enabled with this option: collect_attack_pcap_dumps = on Feedback is welcome!
Hello, my Lovely Community! Today I want to offer a new awesome feature! From now on you could add any number of subnet groups and specify custom thresholds for them. Actually! We did it! Please add host groups to your configuration file /etc/fastnetmon.conf: # We could create group of hosts with non standard thresholds # You should Read more about New function in FastNetMon – per subnet thresholds![…]