This guide requires a fully working setup for total hostgroups.
When a hostgroup reaches a specified total traffic value, FastNetMon can call different actions.
To enable this feature, you have to enable ban actions this way:
sudo fcli set main enable_ban enable
sudo fcli set main enable_ban_hostgroup enable
Before enabling automatic blocking, you can block a hostgroup manually using the following command:
sudo fcli set hostgroup_block global_total
You can list all active blocks this way:
sudo fcli show hostgroup_block
Unblock example:
sudo fcli delete hostgroup_block 9905ee8f-b5fa-4d46-b232-75f508f13fd5
To automate attack detection, please set thresholds:
sudo fcli set hostgroup global_total enable_ban enable
sudo fcli set hostgroup global_total enable_ban_incoming enable
sudo fcli set hostgroup global_total ban_for_bandwidth enable
sudo fcli set hostgroup global_total threshold_mbps 10
After that, please apply the configuration using the commit command, and FastNetMon will start automatic attack detection.
When an attack is detected, FastNetMon can run different actions:
- BGP announcement of all networks and hosts in the hostgroup
- Script callback
