![logo](https://fastnetmon.com/wp-content/uploads/2018/01/cropped-new_logo_3var-e1515443553507-1-300x146.png)

Community Edition
===========

FastNetMon - A high performance DoS/DDoS load analyzer built on top of multiple packet capture engines (NetFlow, IPFIX, sFlow, AF_PACKET, Netmap, PCAP).

What do we do?
--------------
We detect hosts in the deployed network sending or receiving large volumes of traffic (packets, bytes, or flows per second) and perform a configurable action to handle that event. These configurable actions include notifying you, switching off the server, or blackholing the client.

A flow is one or more ICMP, UDP, or TCP packets which can be identified via their unique src IP, dst IP, src port, dst port, and protocol fields.
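
As an added illustration (not FastNetMon's own code), the following Python sketch applies the idea above: for each monitored host and direction it counts packets, bytes and distinct flows per second and compares them with per-subnet thresholds. The `HOSTGROUPS` table, the function names, the addresses and the threshold values are assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Hypothetical per-subnet thresholds (constructed values, not FastNetMon defaults).
HOSTGROUPS = {
    ipaddress.ip_network("192.0.2.0/24"): {"packets": 1000, "bytes": 1_000_000, "flows": 50},
    ipaddress.ip_network("198.51.100.0/24"): {"packets": 200, "bytes": 125_000, "flows": 20},
}

def thresholds_for(ip):
    """Return the thresholds of the monitored subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, limits in HOSTGROUPS.items():
        if addr in net:
            return limits
    return None

def detect(packets, window_seconds=1):
    """packets: (src, dst, sport, dport, proto, length) tuples seen in one window.
    Returns {(host, direction): [names of exceeded per-second metrics]}."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "flows": set()})
    for src, dst, sport, dport, proto, length in packets:
        flow = (src, dst, sport, dport, proto)   # the 5-tuple that identifies a flow
        for host, direction in ((src, "outgoing"), (dst, "incoming")):
            if thresholds_for(host) is None:
                continue                         # only hosts in our own networks
            s = stats[(host, direction)]
            s["packets"] += 1
            s["bytes"] += length
            s["flows"].add(flow)
    alerts = {}
    for (host, direction), s in stats.items():
        limits = thresholds_for(host)
        rates = {"packets": s["packets"] / window_seconds, "bytes": s["bytes"] / window_seconds,
                 "flows": len(s["flows"]) / window_seconds}
        exceeded = sorted(m for m, v in rates.items() if v > limits[m])
        if exceeded:
            alerts[(host, direction)] = exceeded
    return alerts

# Constructed one-second sample: 300 small UDP packets from many sources towards
# 198.51.100.7, plus one ordinary TCP packet to 192.0.2.10.
SAMPLE = [(f"203.0.113.{i % 250 + 1}", "198.51.100.7", 1024 + i, 53, "udp", 64)
          for i in range(300)]
SAMPLE.append(("203.0.113.9", "192.0.2.10", 40000, 443, "tcp", 1500))

if __name__ == "__main__":
    for (host, direction), metrics in detect(SAMPLE).items():
        print(host, direction, "exceeded:", ", ".join(metrics))
```

In the sample the byte rate stays under its threshold while the packet and flow rates do not, which is why a detector of this kind tracks all three metrics separately.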

Project
-------
- [Official site](https://fastnetmon.com)
- [FastNetMon Advanced, Commercial Edition](https://fastnetmon.com/fastnetmon-advanced/), [order free one month trial](https://fastnetmon.com/trial/)
- [FastNetMon Advanced and Community difference table](https://fastnetmon.com/compare-community-and-advanced/)
- Detailed reference: [link](https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Ffastnetmon.com%2Fwp-content%2Fuploads%2F2017%2F07%2FFastNetMon_Reference_Russian.pdf)

Supported packet capture engines
--------------------------------
- NetFlow v5, v9
- IPFIX
- ![sFlow](http://sflow.org/images/sflowlogo.gif) v5
- PCAP
- AF_PACKET
- Netmap
- PF_RING / PF_RING ZC (available only for CentOS 6 for compatibility, otherwise use AF_PACKET)

You can check out the [comparison table](https://fastnetmon.com/docs/capture_backends/) for all available packet capture engines.

Official support groups:
-------
- [Mailing list](https://groups.google.com/forum/#!forum/fastnetmon)
- [Slack](https://join.slack.com/t/fastnetmon/shared_invite/MjM3NDUwNzY4NjA5LTE1MDQ4MzE5NTAtYmU4MjYyYWNiZQ)
- IRC: #fastnetmon at irc.freenode.net [web client](https://webchat.freenode.net/)
- Telegram: [fastnetmon](https://t.me/fastnetmon)

Follow us on social media:
-------
- [Twitter](https://twitter.com/fastnetmon)
- [LinkedIn](https://www.linkedin.com/company/fastnetmon/)
- [Facebook](https://www.facebook.com/fastnetmon/)

Complete integration with the following vendors
--------------------------------
- [Juniper integration](src/juniper_plugin)
- [A10 Networks Thunder TPS Appliance integration](src/a10_plugin)
- [MikroTik RouterOS](src/mikrotik_plugin)

Features
--------
- Detects DoS/DDoS in as little as 1-2 seconds
- Scales up to terabits on a single server (sFlow, NetFlow, IPFIX) or to 40G+ in mirror mode
- Triggers a block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
- [Complete support](https://fastnetmon.com/docs/detected_attack_types/) for most popular attack types
- Thresholds can be configured on a per-subnet basis with the hostgroups feature
- [Email notifications](https://fastnetmon.com/docs/attack_report_example/) about detected attacks
- IPv6 support for mirror, NetFlow and IPFIX modes
- Announce blocked IPs via BGP to routers with [ExaBGP](https://fastnetmon.com/docs/exabgp_integration/) or [GoBGP](https://fastnetmon.com/docs/gobgp-integration/)
- Full integration with [Graphite](https://fastnetmon.com/docs/graphite_integration/) and [InfluxDB](https://fastnetmon.com/docs/influxdb_integration/)
- [API](https://fastnetmon.com/docs/fastnetmon-community-api/)
- [Redis](https://fastnetmon.com/docs/redis/) integration
- [MongoDB](https://fastnetmon.com/docs/mongodb/) integration
- Netmap support (wire speed processing; only Intel hardware NICs or any hypervisor VM type)
- Supports L2TP decapsulation, VLAN untagging in mirror mode
- Complete plug-in support
- Capture attack fingerprints in PCAP format
- Experimental [BGP Flow Spec support](https://fastnetmon.com/docs/bgp_flow_spec/), RFC 5575

Running FastNetMon
------------------
### Hardware requirements

- At least 1 GB of RAM

### Installation

- Linux (Debian, CentOS, RHEL, Ubuntu), [install instructions](https://fastnetmon.com/install/)
- [VyOS](https://fastnetmon.com/fastnetmon-community-on-vyos-rolling-1-3/)
- FreeBSD: [official port](https://www.freshports.org/net-mgmt/fastnetmon/).

### Router integration instructions

- [Juniper MX Routers](https://fastnetmon.com/docs/junos_integration/)

Screenshots
------------
![Main screen image](docs/images/fastnetmon_screen.png)

Example deployment scheme
--------------

![Network diagram](docs/images/deploy.png)