1
0
mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-11-15 13:34:32 +01:00
fastnetmon-rewritten/README.md
2023-03-27 18:54:20 +01:00

5.0 KiB
Raw Blame History

logo

Community Edition

FastNetMon - A high performance DDoS detector / sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror).

What do we do?

We detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and perform a configurable action to handle that event. These configurable actions include notifying you, calling script or making BGP announces.

FastNetMon is a product of FastNetMon LTD, UK. FastNetMon ® is a registered trademark in the UK and EU.

CI build status

CircleCI

Project

🌏 Official site
FastNetMon Advanced, Commercial Edition
🌟 FastNetMon Advanced, free one month trial
📜 FastNetMon Advanced and Community difference table
📘 Detailed reference
🔏 Privacy policy

Supported packet capture engines

  • NetFlow v5, v9, v9 Lite
  • IPFIX
  • sFlow v5
  • PCAP
  • AF_PACKET (recommended)
  • AF_XDP (XDP based capture)
  • Netmap (deprecated, stil supported only for FreeBSD)
  • PF_RING / PF_RING ZC (deprecated, available only for CentOS 6 in 1.2.0)

You can check out the comparison table for all available packet capture engines.

Official support groups:

Follow us at social media:

Complete integration with the following vendors

Features

  • Detects DoS/DDoS in as little as 1-2 seconds
  • Scales up to terabits on single server (sFlow, Netflow, IPFIX) or to 40G + in mirror mode
  • Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
  • Complete support for most popular attack types
  • Thresholds can be configured per-subnet basis with the hostgroups feature
  • Email notifications about detected attack
  • Complete IPv6 support
  • Prometheus support: system metrics and total traffic counters
  • Flow and packet export to Kafka in JSON and Protobuf format
  • Announce blocked IPs via BGP to routers with ExaBGP or GoBGP (recommended)
  • Full integration with InfluxDB and Graphite
  • API
  • Redis integration
  • MongoDB protocol support compatible with native MongoDB and FerretDB
  • VLAN untagging in mirror and sFlow modes
  • Capture attack fingerprints in PCAP format

Running FastNetMon

Hardware requirements

  • At least 1 GB of RAM

Installation

Router integration instructions

Screenshots

Command line interface Main screen image


Standard Grafana dashboard Grafana total traffic

Example deployment scheme

Network diagramm

Upstream versions in different distributions

FastNetMon upstream distro packaging status