09.04.2018

Escalation script for FastNetMon Advanced

FastNetMon Advanced provides a number of options for applying different actions when it detects a DDoS attack. It also provides a number of ways to extend it using different approaches.

In this guide we provide a complete working approach for implementing escalations. Using this script, you can configure FastNetMon to create a custom BGP announcement for an already blocked (blackholed) host when it crosses a specified (“emergency”) traffic threshold.

To use this script, please configure BGP. Then, please enable the API. You need to set a secure password for the API and then specify this password in the script on the line containing “auth_data”.

Please put this script into the /opt folder under the name “escalation_to_bgp_blackhole.py” and set the execution flag on it:

Please install dependencies:

Also, in the script you need to change the following configuration options according to your requirements:

Finally, please add the following cron entry to the file /etc/cron.d/escalation_to_bgp_blackhole:

Apply changes for cron:

This script will run every minute, check the list of all already blackholed hosts and, if they exceed the thresholds set in the script, announce the /24 subnet for them with the specified next hop and community.
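The decision step described above, as an added example that is not the FastNetMon script itself: it takes a list of blackholed hosts and their traffic counters and returns the /24 prefixes that would be escalated. The function name, the threshold values and the shape of the input data are assumptions made for illustration; it makes no API calls and sends no BGP announcements.

```python
import ipaddress

# Assumed "emergency" thresholds; set real values to match your own capacity.
EMERGENCY_MBPS = 5000
EMERGENCY_PPS = 1_000_000


def escalation_prefixes(blackholed, counters,
                        mbps_limit=EMERGENCY_MBPS, pps_limit=EMERGENCY_PPS):
    """Map each /24 to escalate onto the blackholed hosts that triggered it.

    blackholed: iterable of host strings such as "192.0.2.10/32" (assumed format)
    counters:   dict of host IP -> {"mbps": int, "pps": int} (assumed format)
    """
    prefixes = {}
    for entry in blackholed:
        try:
            addr = ipaddress.ip_address(entry.split("/")[0])
        except ValueError:
            continue  # malformed entry: never build an announcement from it
        if addr.version != 4:
            continue  # the /24 escalation only applies to IPv4 hosts
        stats = counters.get(str(addr))
        if stats is None:
            continue  # no traffic data: do not escalate blindly
        if stats["mbps"] >= mbps_limit or stats["pps"] >= pps_limit:
            # The covering /24 also contains every neighbouring host, so
            # group by prefix to announce each subnet once, not once per host.
            net = ipaddress.ip_network(f"{addr}/24", strict=False)
            prefixes.setdefault(str(net), []).append(str(addr))
    return prefixes


# Constructed sample data using documentation address ranges.
SAMPLE_BLACKHOLED = ["192.0.2.10/32", "192.0.2.77/32", "198.51.100.5/32",
                     "203.0.113.9/32", "2001:db8::1/128", "not-an-ip"]
SAMPLE_COUNTERS = {
    "192.0.2.10": {"mbps": 7200, "pps": 400_000},    # over bandwidth threshold
    "192.0.2.77": {"mbps": 100, "pps": 1_500_000},   # over packet threshold
    "198.51.100.5": {"mbps": 900, "pps": 20_000},    # under both thresholds
}

if __name__ == "__main__":
    for prefix, hosts in escalation_prefixes(SAMPLE_BLACKHOLED,
                                             SAMPLE_COUNTERS).items():
        print(f"escalate {prefix} (triggered by {', '.join(hosts)})")
```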