
version 0.3 changes

This commit is contained in:
Eric Chou 2016-08-12 20:15:27 -07:00
parent 7ba4629012
commit e1eef5e94f
12 changed files with 34 additions and 247 deletions


@ -1,22 +1,30 @@
#A10 Networks Thunder TPS Appliance AXAPIv3 integration for FastNetMon
This script connect to A10 Thunder TPS Appliance to create Protected Object and announce BGP route toward upstream router upon FastNetMon ban detection.
##Prerequisites:
1. Indicate the fastnetmon_a10_xx.py script as the executed script under /etc/fastnetmon.conf, i.e. notify_script_path=<path>/fastnetmon_a10_v0.2.py.
2. Alternatively, place all files in a directory that is reachable by FastNetMon and indicate it as the executed script in /etc/fastnetmon.conf.
3. Make sure both Python scripts are executable, i.e. "chmod +x a10.py fastnetmon_a10_v0.2.py"
1. A10 Thunder TPS with AXAPIv3. More information on AXAPIv3: https://www.a10networks.com/resources/glossary/axapi-custom-management.
2. Network topology is Asymmetric Reactive with BGP as the routing Protocol. A10 Thunder TPS peers with the upstream router.
Please modify the following:
##Overview:
1. This script connect to A10 Thunder TPS Appliance via AXAPIv3 to create Protected Object.
2. The traffic is onramped via announce BGP route toward upstream router upon FastNetMon ban detection.
3. The BGP route is withdrawn upon unban instruction from FastNetMon.
4. [Important] Please note that the script works in conjection with the tps_base_config_v[xx].txt and tps_zone_config_v[xx].txt files. For example, the script assumes the 'bgp advertised' command is configured under 'ddos dst zone' to advertise the BGP route. Please consult with www.a10networks.com for the latest commands and configuration guides.
4.1 As a matter of reference, the tps_base_config and tps_zone_config configuration files were provided in .txt format under configs/ folder as well as in JSon format under json_configs/ folder. But the assumption is they were pre-configured prior to FastNetMon ban/unban actions.
5. Log of the script is keep under /var/log/fastnetmon-notify.log.
1. A10 Thunder TPS mitigator IP
2. BGP Autonomous System Number
3. Username and Password for your A10 Device. Note that you can use your own password vault or protection schema
##Configuration Steps:
For more information about A10 Networks AXAPIv3:
https://www.a10networks.com/resources/glossary/axapi-custom-management
1. Configure the fastnetmon_a10_xx.py script as the executed script under /etc/fastnetmon.conf, i.e. notify_script_path=<path>/fastnetmon_a10_v0.2.py.
2. Please note that we have various versions of ban actions depending on your topology, such as integration of aGalaxy.
3. Alternatively place all files in a directory that is reachable by FastNetMon and indicate it as the executed script in /etc/fastnetmon.conf.
4. Make sure both Python scripts are executable, i.e. "chmod +x a10.py fastnetmon_a10_v0.2.py"
##Please modify the following in the fastnetmon_a10_v[xx].py script
v0.2 - Jul 7th, 2016 - initial commit
1. A10 Thunder TPS mitigator IP.
2. Username and Password for your A10 Device. Please follow your own password vault or other security schema.
Author: Eric Chou ericc@a10networks.com, Rich Groves rgroves@a10networks.com
@ -40,18 +48,9 @@ Zone Name / Zone Service Info | [State]| Curr Conn| Conn Rate| Pkt
Displayed Entries: 1
Displayed Services: 0
TH4435-1#sh run router bgp
!Section configuration: 221 bytes
!
router bgp 64513
<skip>
network 10.10.10.10/32
<skip>
!
TH4435-1#
TH4435-1#sh run router bgp | i 10.10.10.10
network 10.10.10.10/32
TH4435-1#
TH4435#sh ip bgp neighbors <upstream router IP> advertised-routes
```
- Unban action:
@ -59,7 +58,7 @@ TH4435-1#
a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "unban"
```
TH4435-1#sh run router bgp | i 10.10.10.10
TH4435-1#sh ip bgp neighbors <upstream router IP> advertised-routes
TH4435-1#
```


@ -0,0 +1,10 @@
Change Logs:
[8/12/2016]
- removed configs/dns_test_server.txt
- added configs/tps_base_config_v1.txt and configs/tps_zone_config_v1.txt
- modified README file to reflect the dependencies for items under configs/ folder.
- created change_log.txt
- modify json_configs/ddos_dst_zone.py to match json_configs/tps_zone_config_json_v1.txt
- Took out BGP network advertisement, use 'bgp advertise' under dst zone instead


@ -1,14 +0,0 @@
!
ddos dst zone Test-Server
ip 210.0.0.10
operational-mode monitor
port 53 udp
level 0
zone-escalation-score 1
indicator pkt-rate
score 50
zone-threshold 1
zone-violation-actions bmf_a10_script
level 1
!


@ -1,4 +1,4 @@
ystem anomaly log
system anomaly log
system attack log
system ddos-attack log
!


@ -1,94 +0,0 @@
#!/usr/bin/python
#
# v0.1 created [ban | unban] [on ramp | off ramp action] for A10 TPS
# v0.2 offload URI path and json_body into separate json_config files
# Eric Chou (ericc@a10networks.com)
#
import sys
from sys import stdin
import optparse
import logging, json
from a10 import axapi_auth, axapi_action
from json_config.logoff import logoff_path
from json_config.write_memory import write_mem_path
from json_config.ddos_dst_zone import ddos_dst_zone_path, ddos_dst_zone
from json_config.bgp import bgp_advertisement_path, bgp_advertisement
LOG_FILE = "/var/log/fastnetmon-notify.log"
logger = logging.getLogger("DaemonLog")
logger.setLevel(logging.INFO)
formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
handler = logging.FileHandler(LOG_FILE)
handler.setFormatter(formatter)
logger.addHandler(handler)
client_ip_as_string=sys.argv[1]
data_direction=sys.argv[2]
pps_as_string=int(sys.argv[3])
action=sys.argv[4]
logger.info(" - " . join(sys.argv))
# A10 Mitigator Information
mitigator_ip = "192.168.199.152"
zone_name = client_ip_as_string + "_zone"
ip_addr = client_ip_as_string
asn="65003"
mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10")
if action == "unban":
try:
r = axapi_action(mitigator_base_url+'/axapi/v3/router/bgp/'+asn+'/network/ip-cidr/172.31.201.2%2F32', method="DELETE", signature=signature)
except Exception as e:
logger.info("route not removed in unban, returned: " + str(e))
# Commit config
axapi_action(mitigator_base_url+write_mem_path, signature=signature)
# Logoff
axapi_action(mitigator_base_url+logoff_path, signature=signature)
sys.exit(0)
elif action == "ban" or action == "attack_details":
r = axapi_action(mitigator_base_url+ddos_dst_zone_path, method='GET', signature=signature)
if zone_name in [i['zone-name'] for i in json.loads(r)['zone-list']]:
r = axapi_action(mitigator_base_url+ddos_dst_zone_path+zone_name, method="DELETE", signature=signature)
logger.info(str(r))
# A10 Mitigation On Ramp
zone_name = client_ip_as_string + "_zone"
ip_addr = client_ip_as_string
returned_body = ddos_dst_zone(zone_name, ip_addr)
try:
r = axapi_action(mitigator_base_url+ddos_dst_zone_path, signature=signature, payload=returned_body)
except Exception as e:
logger("zone not created: " + str(e))
route_advertisement = bgp_advertisement(ip_addr)
try:
r = axapi_action(mitigator_base_url+bgp_advertisement_path+asn, payload=route_advertisement, signature=signature)
except Exception as e:
logger("route not added: " + str(e))
# Commit changes
axapi_action(mitigator_base_url+write_mem_path, signature=signature)
# Log off
axapi_action(mitigator_base_url+logoff_path, signature=signature)
sys.exit(0)
else:
sys.exit(0)


@ -1,16 +0,0 @@
bgp_advertisement_path = '/axapi/v3/router/bgp/'
def bgp_advertisement(ip_addr):
route_advertisement = {
"bgp":
{
"network": {
"ip-cidr-list": [
{
"network-ipv4-cidr":ip_addr+"/32",
}
]
},
}
}
return route_advertisement


@ -1,44 +0,0 @@
ddos_dst_zone_path = '/axapi/v3/ddos/dst/zone/'
def ddos_dst_zone(zone_name, ip_addr):
port_num = 53
port_protocol = 'udp'
ddos_dst_zone_payload = {
"zone-list": [
{
"zone-name":zone_name,
"ip": [
{
"ip-addr":ip_addr
}
],
"operational-mode":"monitor",
"port": {
"zone-service-list": [
{
"port-num":port_num,
"protocol":port_protocol,
"level-list": [
{
"level-num":"0",
"zone-escalation-score":1,
"indicator-list": [
{
"type":"pkt-rate",
"score":50,
"zone-threshold-num":1,
}
],
},
{
"level-num":"1",
}
],
}
],
},
}
]
}
return ddos_dst_zone_payload


@ -1,3 +0,0 @@
logoff_path = '/axapi/v3/logoff'


@ -1 +0,0 @@
write_mem_path = '/axapi/v3/write/memory'


@ -6,7 +6,6 @@ a10-url:/axapi/v3/admin
"uuid":"57937c0c-06cb-11e6-86f7-000c2998bd62",
"password": {
"encrypted-in-module":"sCyT4priW1OZSg3m1RiAf0bOyZ0Odnf1rQRp+BHohemGp1YhW+V1NjwQjLjV2wDn",
"uuid":"57939002-06cb-11e6-86f7-000c2998bd62"
}
}
]
@ -16,7 +15,6 @@ a10-url:/axapi/v3/multi-config
{
"multi-config": {
"enable":1,
"uuid":"f092f0a8-f579-11e5-9035-000c29188423"
}
}
@ -24,7 +22,6 @@ a10-url:/axapi/v3/monitor
{
"monitor": {
"buffer-usage":91750,
"uuid":"cb839304-7f58-11e5-9c10-000c2969ee03"
}
}
@ -36,7 +33,6 @@ a10-url:/axapi/v3/system
"attack-log":1,
"ddos-attack":1,
"ddos-log":1,
"uuid":"cb839782-7f58-11e5-9c10-000c2969ee03"
}
}
@ -46,7 +42,6 @@ a10-url:/axapi/v3/class-list
{
"name":"ddos-block",
"file":1,
"uuid":"e30f55c2-d17d-11e5-a0c9-370c07f071f0"
}
]
}
@ -55,7 +50,6 @@ a10-url:/axapi/v3/hostname
{
"hostname": {
"value":"tps-fastnetmon",
"uuid":"cb83a236-7f58-11e5-9c10-000c2969ee03"
}
}
@ -69,7 +63,6 @@ a10-url:/axapi/v3/interface/management
"default-gateway":"x.x.x.x"
},
"action":"enable",
"uuid":"d0bdee32-7f58-11e5-8648-000c2969ee03"
}
}
@ -80,16 +73,13 @@ a10-url:/axapi/v3/interface/ethernet
"ifnum":1,
"name":"Inbound",
"action":"enable",
"uuid":"cb83a4e8-7f58-11e5-9c10-000c2969ee03",
"ddos": {
"inside":1,
"uuid":"2c639224-06cb-11e6-a5cd-000c2998bd62"
}
},
{
"ifnum":2,
"name":"Outbound",
"uuid":"cb83a5e2-7f58-11e5-9c10-000c2969ee03"
}
]
}
@ -101,19 +91,16 @@ a10-url:/axapi/v3/glid
"name":"1",
"description":"10gbps rate limiter",
"bit-rate-limit":10000000,
"uuid":"3b62871e-ff1c-11e5-92fe-000c29c261a5"
},
{
"name":"2",
"description":"1gbps rate limiter",
"bit-rate-limit":1000000,
"uuid":"f422ba0e-0641-11e6-88f9-000c29c261a5"
},
{
"name":"3",
"description":"100mbps rate limiter",
"bit-rate-limit":100000,
"uuid":"52f1d6ac-06cc-11e6-86f7-000c2998bd62"
}
]
}
@ -123,7 +110,6 @@ a10-url:/axapi/v3/ddos/protection
"protection": {
"toggle":"enable",
"rate-interval":"1sec",
"uuid":"cb83a6c8-7f58-11e5-9c10-000c2969ee03"
}
}
@ -131,7 +117,6 @@ a10-url:/axapi/v3/ddos/resource-tracking/cpu
{
"cpu": {
"enable":1,
"uuid":"2f7a3198-cd14-11e5-abab-000c29d5128f"
}
}
@ -142,7 +127,6 @@ a10-url:/axapi/v3/ddos/zone-template/logging
"logging-tmpl-name":"cef-logger",
"log-format-cef":1,
"enable-action-logging":1,
"uuid":"6573c09a-ff1c-11e5-92fe-000c29c261a5"
}
]
}
@ -157,7 +141,6 @@ a10-url:/axapi/v3/ddos/zone-template/tcp
"syn-auth-pass-action":"authenticate-src",
"syn-auth-fail-action":"drop"
},
"uuid":"3a627a92-06c7-11e6-a5cd-000c2998bd62"
}
]
}
@ -175,7 +158,6 @@ a10-url:/axapi/v3/ddos/zone-template/udp
"known-resp-src-port":1,
"known-resp-src-port-action":"drop"
},
"uuid":"41a32342-06c7-11e6-a5cd-000c2998bd62"
}
]
}
@ -185,11 +167,9 @@ a10-url:/axapi/v3/ddos/src/default
"default-list": [
{
"default-address-type":"ip",
"uuid":"88718bf0-d16c-11e5-a0c9-370c07f071f0"
},
{
"default-address-type":"ipv6",
"uuid":"c16cea34-d3d4-11e5-a730-000c29d5128f"
}
]
}
@ -198,7 +178,6 @@ a10-url:/axapi/v3/logging/syslog
{
"syslog": {
"syslog-levelname":"information",
"uuid":"cb8468f6-7f58-11e5-9c10-000c2969ee03"
}
}
@ -207,7 +186,6 @@ a10-url:/axapi/v3/logging/host/ipv4addr
"ipv4addr-list": [
{
"host-ipv4":"x.x.x.x",
"uuid":"51393f4a-d31d-11e5-9967-000c29d5128f"
}
]
}
@ -221,7 +199,6 @@ a10-url:/axapi/v3/router/bgp
"log-neighbor-changes":1,
"router-id":"x.x.x.x"
},
"uuid":"775fd5a2-0690-11e6-a0e2-000c29c261a5",
"neighbor": {
"ipv4-neighbor-list": [
{
@ -234,7 +211,6 @@ a10-url:/axapi/v3/router/bgp
"nbr-rmap-direction":"out"
}
],
"uuid":"824b2b74-0690-11e6-a0e2-000c29c261a5"
}
]
}
@ -249,7 +225,6 @@ a10-url:/axapi/v3/route-map
"tag":"ddos-advertise",
"action":"permit",
"sequence":1,
"uuid":"57903fe2-06cb-11e6-86f7-000c2998bd62"
}
]
}
@ -259,7 +234,6 @@ a10-url:/axapi/v3/sflow/setting
"setting": {
"max-header":128,
"packet-sampling-rate":1000,
"uuid":"c36affaa-06ca-11e6-a5cd-000c2998bd62"
}
}
@ -270,7 +244,6 @@ a10-url:/axapi/v3/sflow/collector/ip
"addr":"x.x.x.x",
"port":6343,
"use-mgmt-port":1,
"uuid":"ffd9531a-06ca-11e6-a5cd-000c2998bd62"
}
]
}
@ -279,7 +252,6 @@ a10-url:/axapi/v3/sflow/agent/address
{
"address": {
"ip":"x.x.x.x",
"uuid":"fa5b10ba-06c8-11e6-a5cd-000c2998bd62"
}
}
@ -292,7 +264,6 @@ a10-url:/axapi/v3/sflow/sampling
"eth-end":1
}
],
"uuid":"c3714a04-06ca-11e6-a5cd-000c2998bd62"
}
}
@ -301,35 +272,27 @@ a10-url:/axapi/v3/vcs-vblades/stat
"stat-list": [
{
"vblade-id":1,
"uuid":"55d1650a-06cb-11e6-a9b6-000c2998bd62"
},
{
"vblade-id":2,
"uuid":"55d16532-06cb-11e6-a9b6-000c2998bd62"
},
{
"vblade-id":3,
"uuid":"55d16564-06cb-11e6-a9b6-000c2998bd62"
},
{
"vblade-id":4,
"uuid":"55d1658c-06cb-11e6-a9b6-000c2998bd62"
},
{
"vblade-id":5,
"uuid":"55d165be-06cb-11e6-a9b6-000c2998bd62"
},
{
"vblade-id":6,
"uuid":"55d165e6-06cb-11e6-a9b6-000c2998bd62"
},
{
"vblade-id":7,
"uuid":"55d1660e-06cb-11e6-a9b6-000c2998bd62"
},
{
"vblade-id":8,
"uuid":"55d16636-06cb-11e6-a9b6-000c2998bd62"
}
]
}


@ -15,18 +15,15 @@ a10-url:/axapi/v3/ddos/dst/zone
},
"log-enable":1,
"log-periodic":1,
"uuid":"2d503b52-06cf-11e6-86f7-000c2998bd62",
"ip-proto": {
"proto-tcp-udp-list": [
{
"protocol":"tcp",
"drop-frag-pkt":1,
"uuid":"2d6b9672-06cf-11e6-86f7-000c2998bd62"
},
{
"protocol":"udp",
"drop-frag-pkt":1,
"uuid":"2d6be0d2-06cf-11e6-86f7-000c2998bd62"
}
],
"proto-name-list": [
@ -34,13 +31,11 @@ a10-url:/axapi/v3/ddos/dst/zone
"protocol":"icmp-v4",
"deny":1,
"detection-enable":1,
"uuid":"2d6c202e-06cf-11e6-86f7-000c2998bd62"
},
{
"protocol":"icmp-v6",
"deny":1,
"detection-enable":1,
"uuid":"2d6e1f0a-06cf-11e6-86f7-000c2998bd62"
}
]
},
@ -50,18 +45,15 @@ a10-url:/axapi/v3/ddos/dst/zone
"port-other":"other",
"protocol":"tcp",
"detection-enable":1,
"uuid":"2d6fe3f8-06cf-11e6-86f7-000c2998bd62",
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"uuid":"2d717506-06cf-11e6-86f7-000c2998bd62",
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
"uuid":"2d72359a-06cf-11e6-86f7-000c2998bd62"
}
]
},
@ -70,7 +62,6 @@ a10-url:/axapi/v3/ddos/dst/zone
"zone-template": {
"tcp":"tcp-protect1"
},
"uuid":"2d72f9bc-06cf-11e6-86f7-000c2998bd62"
}
]
},
@ -78,18 +69,15 @@ a10-url:/axapi/v3/ddos/dst/zone
"port-other":"other",
"protocol":"udp",
"detection-enable":1,
"uuid":"2d73a7cc-06cf-11e6-86f7-000c2998bd62",
"level-list": [
{
"level-num":"0",
"zone-escalation-score":10,
"uuid":"2d742dc8-06cf-11e6-86f7-000c2998bd62",
"indicator-list": [
{
"type":"pkt-rate",
"score":20,
"zone-threshold-num":1,
"uuid":"2d754f64-06cf-11e6-86f7-000c2998bd62"
}
]
},
@ -98,7 +86,6 @@ a10-url:/axapi/v3/ddos/dst/zone
"zone-template": {
"udp":"udp-protect1"
},
"uuid":"2d7646e4-06cf-11e6-86f7-000c2998bd62"
}
]
}