carbon+grafana on raspberry pi2 in 2019

実例の非常に多いであろうraspberry pi2*1でデータを貯めてgrafanaでみてみよう、みたいなことを、今時点(2019)で、こんな手順で、みたいなメモです。データストアとしてgraphite-carbon(whisper)を使い、これもpi2の中に押し込んで、データ量青天井とか同時大量アクセスとかは望めないなれど、一人分の一人使い用途としてはいい感じと思ってます。

Netwerk: Monitoring 2.0

De bewaking van de continuiteit van een netwerk volstaat tegenwoordig niet meer met het controleren of routers bereikbaar zijn, of het netwerk verkeer kan transporteren, of hoeveel verkeer dit betreft. Traffic moet ook geanalyseerd kunnen worden: wat is de bron en het doel, om welk protocol gaat het, welke poorten worden gebruikt en op welk moment?

M3AAWG Border Gateway Protocol (BGP) Flowspec Best Practices (pdf)

This paper is for individuals wanting to learn more about Flowspec and are interested in taking advantage of the numerous opportunities for use that it offers. It is written for network engineers responsible for Network Service Provider (NSP), hosting provider, or enterprise networks.

RouterOS+Fastnetmon 全自动BGP路由黑洞 避免被D到路由器冒烟 XD

继BGP速成班后…已经有好几个月想不出新教程…因为本菜鸡的水平实在提升的太慢 …总算经过一番大脑升级之后, 达成了大神们3年前就已经实现的全自动黑洞路由系统…那么3年前的东西, 现在难道没淘汰 ? 完全木有 , Working like a charm !…

Network Telemetry для задач обнаружения DDoS

FastNetMon представляет собой DDoS детектор базирующийся на пороговых значениях трафика. Пороговые значения в данном случае — это уровень трафика в пакетах секунду или байтах секунду для заданного типа трафика…

Proteja-se de ataques DoS/DDoS mitigando com FastNetMon e anuncie os prefixos atacados (blackholes) para sua operadora, usando Mikrotik

Fastnetmon on Ubuntu 18.04

I’ve spent some time trying to manually install Fastnetmon community edition on Ubuntu 18.04 Bionic Beaver. I was unsuccessful. However, I didn’t do an apt-cache search fastnetmon. There is a package in universe. Bionic Beaver also includes exabgp 4.0.2 by default.

Ultra fast automated DDoS detection & mitigation

A few weeks back an Indian ISP contacted me via a contact form on my blog. That ISP has been struggling with a targetted DDoS attack. For the reason of privacy as well as the stability of their network, I will not put their name or AS number.

NetFLOW / sFLOW 流量报告:FastNetMon + InfluxDB + Grafana

最近稍微有点时间折腾了下 Cisco 的三层交换,尝试搭建了一套数据中心用的流量统计/监控/报告系统。过程不是很复杂,但是也只算利用了一套高级软件组合的一点点功能。之后打算继续研究更多的功能实现,不过也要看有没有时间了.

Netwerk: Monitoring 2.0

De bewaking van de continuiteit van een netwerk volstaat tegenwoordig niet meer met het controleren of routers bereikbaar zijn, of het netwerk verkeer kan transporteren, of hoeveel verkeer dit betreft. Traffic moet ook geanalyseerd kunnen worden: wat is de bron en het doel, om welk protocol gaat het, welke poorten worden gebruikt en op welk moment?

FASTNETMON与MIKROTIK集成(DDOS检测系統)

背景
從事IDC行業經常會遇到DDoS攻擊,一般用以下解決辦法處理,即:
– NULL路由
– 一堆金盾用帶寬硬撐
– 切路由到國外清洗(Voxility&incapsula)
– 等死

GARR customer triggered blackholing

From discussions with the GARR working group on “contrast to DDoS”, we understood the importance of a collaboration between GARR and its users to mitigate attacks. With the other components of the group, some open source tools for detecting DDoS and related reporting have been studied and tested.

FastNetMon Integration with MikroTik

This guide will show you how to install and configure FastNetMon to be used with MikroTik and also as a bonus how to integrate it with Slack and Grafana, the first one is used to get reports about DDoS and the second one to have a really great reporting tool that will allow you to check PPS and Throughput as a whole and per IP address…

Metrics and events collection in Ingenico Payment Services

I work at Ingenico Payment Services as an Infrastructure Manager, in a Business Unit called Axis, a card present payment processing platform. The growth of the processing on the platform year over year is double digit and in infrastructure, one has often to answer tricky questions like: Why did yesterday batch finish late ? Do we have enough capacity for hosting this new application ?

养鸡厂厂长日记—规模化Botnet养殖和应用

前一段时间memcache drdos攻击可谓是借着各种渠道火了一次,包括笔者所在的公司也被社会人反手抡了几次,可以预见这种类型的DDoS一旦发生起来非常的可怕。我们对这种情况往往都是看到流量异常之后选择封堵相关的协议和端口,或者有钱的方法直接上电信云堤(据说收费非常坑爹,5000块钱一次,现在不知道涨价没有),这样的话始终处于一个被动挨打的局面,那么有没有什么方法可以稍微减轻一下被动的局面呢?答案在下面. 

A evolução dos ataques de negação de serviço (DoS). Seu provedor está preparado?

Os ataques de negação de serviço, do inglês Denial of Service (DoS), são uma preocupação constante dos administradores de redes e devem ser objeto de muita atenção dos provedores de acesso à internet. Os ataques ocorrem, geralmente, quando uma rede ou aplicação são sobrecarregadas por um volume de tráfego ou processamento anormal, provocados intencionalmente para prejudicar a disponibilidade de um serviço.

Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic (assuming perfect efficiency, of course — YMMV). Dispersing a DDoS in this way may impact performance — but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack.

How to Prevent DDoS Attacks on a Cloud Server Using Open Source Software

A Distributed Denial of Service Attack (DDoS) is, unfortunately, an increasingly common form of premeditated attack against an organization’s web infrastructure.
Typically, it involves using multiple external systems to flood the target system with requests with the intention of overwhelming the system with network traffic.

BGP BLACKHOLE Community

DDoS attacks continue to be a wide-spread problem on the internet. Their size has grown over the past few years to where BGP Blackholing to reduce collateral damage has become widespread.
As more and more networks built support for BGP Blackholing – each with their own BGP community – it became clear that there was a need for a standardized “well known” community for BGP Blackholing. From this need was born RFC 7999: BLACKHOLE Community. This reserves 65535:666 as the well known, BLACKHOLE.

FastNetMon: Detectando y protegiéndonos de ataques DDoS

Uno de los gajes del oficio del networking y en especial de los ISP son los ataques de Denegación de Servicio Distribuida DDoS.
Hay varias maneras de protegerse, las mejores o con mas opciones son pagas y con elevados costos de licenciamiento. Un proyecto OpenSource (GNU GPLv2) que lo inicio un amigo de Rusia (Pavel Odintsov) llamado FastNetMon es una buena opción como alternativa gratuita. 

FastNetMon – open source DDoS detection new release 1.1.2

Hello, folks!
This article will continue http://www.lowendtalk.com/discussion/43473/open-source-ddos-dos-monitoring-toolkit-fastnetmon . We have spent about 10 months for development of FastNetMon and could present huge feature list now! 🙂Stop! What is FastNetMon? It’s really very fast toolkit which could find attacked host in your network and block it (or redirect to filtering appliance). 

Open source DDoS/DoS monitoring toolkit – FastNetMon

Hello, folks!
I would like to share my DDoS monitoring toolkit with community. You can find it on GitHub: https://github.com/FastVPSEestiOu/fastnetmon
It supports Linux (Centos 5/6, Debian 6/7), FreeBSD 9/10/11 and Mac OS X since Yosemite. It provide ability to detect bandwidth, flow and pps (packet per second) spikes which last more than X seconds and trigger action agains IP which generated this issue (our own IP, not an attacker IP).

FastNetMon – DDoS analyzer

FastNetMon – A high performance DoS/DDoS and netflowk load analyzer built on top of multiple packet capture engines (netmap, PF_RING, sFLOW, Netflow, PCAP). What can we do? We can detect hosts in our own network with a large amount of packets per second/bytes per second or flow per second incoming or outgoing from certain hosts. And we can call an external script which can notify you, switch off a server or blackhole the client.
Why did we write this? Because we can’t find any software for solving this problem in the open source world!

Релиз FastNetMon 1.1.2 открытого решения для мониторинга DoS/DDoS атак

За прошедшие почти 10 месяцев с релиза 1.0.0 была очень большая работа по улучшению программы.
Из основных изменений стоит отметить следующие:

  • Возможность выявлять самые популярные виды атак: syn_flood, icmp_flood, udp_flood, ip_fragmentation_flood

FastNetMon – Very Fast DDoS Analyzer with Sflow/Netflow/Mirror Support

A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP).
What can we do? We can detect hosts in our own network with a large amount of packets per second/bytes per second or flow per second incoming or outgoing from certain hosts. And we can call an external script which can notify you, switch off a server or blackhole the client.

A10 Networks Launches World’s Most Powerful DDoS Protection Solution to Stop Multi-Vector DDoS Disruption

A10 Networks, a leader in application networking and security, today introduced A10 Thunder 14045 TPS, the fastest appliance on the market, that provides highest DDoS attack mitigation for Service Providers, Web 2.0 and Cloud Providers – 300 Gbps of mitigation throughput capacity (or 2.4 terabits per second in a cluster).

FastNetMon 1.0.0 — программа для выявления входящих/исходящих атак

Хотел бы поделиться своей программой для анализа проходящего миррор-порты/роутеры/OpenVZ ноды трафика на предмет входящих/исходящих DDoS атак.

  • Для чего она писалась? Чтобы фиксировать серьезные всплески в сотни kpps по полосе/pps как со стороны клиентов, так и со стороны интернета в сторону клиентов.

FastNetMon 1.0.0 – программа для выявления входящих/исходящих DDoS-атак

Доступен релиз программы FastNetMon 1.0.0, предназначенной для выявления входящих и исходящих DDoS-атак на основе анализа транзитного трафика. Программа разработана для фиксации серьезных всплесков интенсивности отправки пакетов (сотни тысяч пакетов в секунду), как со стороны клиентов, так и со стороны внешней сети в сторону клиентов. Данные о трафике могут собираться через PF_RING (рекомендуется), PCAP (не рекомендуется) и ULOG2 (не рекомендуется). 

Релиз FastNetMon 1.1.2, открытого решения по обнаружению DDoS-атак

Состоялся релиз программы FastNetMon 1.1.2, предназначенной для выявления входящих и исходящих DDoS-атак на основе анализа транзитного трафика. Программа разработана для фиксации серьезных всплесков интенсивности отправки пакетов (сотни тысяч пакетов в секунду), как со стороны клиентов, так и со стороны внешней сети в сторону клиентов. Данные о трафике могут собираться через PF_RING, PCAP, ULOG2, Netmap, NetFlow, sFLOW. На выходе выводится список 10 самых активных потребителей ресурсов сети, как по числу пакетов в секунду, так и по трафику.

FastNetMon – решение для высокоскоростного анализа трафика и блокировки узлов, на которые идет DDoS атака

Данная задача крайне часто встает в моей практике и, к сожалению, не имеет ни красивых ни удобных, ни вообще каких-либо решений.
Что мы делаем? Мы работаем через PF_RING и на очень высокой скорости извлекаем транзитные либо входящие пакеты идущие на нашу машину либо крупную сеть. Приложение написано на С++ и может работать до очень и очень серьезных нагрузок, 10-15 Gbps или 2-5 Mpps – это нормально.

昨天看到這個工具還不錯 fastnetmon

可以使用netflow sflow port mirror的資料來計算pps mbps 及flow數
當到達指定的上限時
可以發出告警或執行特定動作
安裝很簡單
裝好centos 7後

wget https://raw.githubusercontent.com/pavel-odintsov/fastnetmon/master/src/fastnetmon_install.pl -Ofastnetmon_install.pl

perl fastnetmon_install.pl

Un Sanjuanino en Rio Cuarto

Ha pasado mucho tiempo desde la última vez que postee y el motivo del descuido tanto de mi blog como de las redes sociales se debe a los nuevos proyectos que he iniciado y me consume mucho tiempo.
En estos momento me encuentro con varios proyectos en desarrollo, uno de ellos es FastNetMon, un sistema de detección y protección contra ataques DDoS utilizando Netflow.

FastNetMon

High performance DoS/DDoS load analyzer. Kan lyssna på bl.a. Netflow, IPFIX, sFLOW, PCAP, SPAN och PF_RING. Om en överbelastningsattack upptäcks exekveras ett script. Vad scriptet gör avgör man själv, t.ex. maila/SMSa admin eller null routa prefix med ExaBGP. 

Installation:

Debian, Ubuntu, CentOS, Fedora

FastNetMon: Analisador DDoS de Alta Performance com Suporte a Sflow/Netflow/Mirror

FastNetMon é um utilitário que funciona como um analisador de alta performance, voltado para DoS/DDoS. Ele foi projetado a partir de vários mecanismos de captura de pacotes (NetFlow, IPFIX, sFlow, netmap, PF_RING, PCAP). Com ele, é possível detectar guests em sua própria rede, com uma grande quantidade de pacotes por segundo/bytes por segundo ou fluxo por segundo de entrada ou saída de certos hosts. E além disso, também é possível estabelecer comunicação com um script externo que pode notificá-lo e desligar um servidor. 

HOSTED BY JAMES DEAN

Pavel Odinstov, E50 podcast episode

On our 50th episode of The Route to Networking podcast, James Dean had the pleasure of being joined by Pavel Odinstov Co-Founder and CTO at FastNetMon LTD. Pavel is a Software Engineer with a passion for computer networks, with his work being orientated around delivering affordable DDoS protection. During this episode, they delve into everything DDoS-related, involving the biggest changes that Pavel has seen in this space during his career, as well as some of the main concerns he has for the industry as well.

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com