26.08.2016

Features

  • Complete BGP Flow Spec support, RFC 5575
  • Process and distinguish incoming and/or outgoing traffic
  • Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
  • Thresholds can be configured per-subnet with the hostgroups feature
  • Announce blocked IPs via BGP to routers with ExaBGP
  • GoBGP integration for unicast IPv4 announcements (you need to build support manually)
  • Full integration with Graphite and InfluxDB
  • API (you need to build support manually)
  • Redis integration
  • MongoDB integration
  • Deep packet inspection for attack traffic
  • netmap support (open source; wire speed processing; only Intel hardware NICs or any hypervisor VM type)
  • SnabbSwitch support (open source, very flexible, Lua-driven, very-very-very fast)
  • Filter NetFlow v5 flows or sFlow packets with Lua scripts (useful for excluding particular ports)
  • Supports L2TP decapsulation, VLAN untagging and MPLS processing in mirror mode
  • Works on server/soft-router
  • Detects DoS/DDoS in as little as 1-2 seconds
  • Tested up to 10Gb with 12 Mpps on Intel i7 3820 with Intel NIC 82599
  • Complete plugin support
  • Captures attack fingerprints in PCAP format
  • Complete support for most popular attack types