Slides about a DDoS detection tool with IPFIX, sFlow and NetFlow support, instant detection, and a complete API and command line tools.
Free trial: https://fastnetmon.com/trial/
Ripe71 FastNetMon open source DoS / DDoS mitigation (Pavel Odintsov)
This document describes FastNetMon, an open source DDoS mitigation toolkit. It provides concise summaries of network traffic and detects DDoS attacks in real-time. It can block malicious traffic through methods like BGP announcements. FastNetMon supports many Linux distributions and can integrate with hardware/cloud solutions. It detects attacks faster than traditional hardware/service approaches through optimized packet capture using tools like Netmap and PF_RING.
This document discusses using fastnetmon and ExaBGP to monitor and mitigate DDoS attacks at the University of Wisconsin-Platteville. Fastnetmon monitors network traffic in real-time and detects DDoS attacks based on packet, bandwidth, and flow thresholds. It then triggers ExaBGP to inject blackhole routes to drop attack traffic while allowing legitimate traffic to pass. This integrated solution allows the university to automatically detect and mitigate DDoS attacks in near real-time.
This document discusses techniques for mitigating distributed denial of service (DDoS) attacks, including remotely triggered black hole filtering (RTBH) and BGP FlowSpec. It provides an overview of DDoS attack trends, types, and impacts. It also introduces the open-source FastNetMon tool for DDoS detection using network telemetry and introducing mitigation actions like flow blocking through integration with tools like ExaBGP.
BGP FlowSpec experience and future developments (Pavel Odintsov)
This document discusses BGP FlowSpec, which is a technique for mitigating DDoS attacks. It provides an overview of FlowSpec implementations by various vendors and open source tools. It also discusses operational experience with FlowSpec deployments. While FlowSpec works well against many amplification attacks, the document notes some limitations and areas for improvement. This includes improving router scale, adding flexibility to payload matching, and developing standards for traffic reporting across administrative domains. Overall, FlowSpec is presented as a mature mitigation technique, but one that requires continued development and vendor/operator collaboration to address evolving attacks.
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283) (Pavel Odintsov)
This document discusses how Coloclue, a non-profit volunteer-driven ISP, automated the detection and mitigation of DDoS attacks through the use of FastNetMon and BIRD. FastNetMon allows for detection of attacks within 3 seconds by monitoring traffic levels. BIRD then injects selective blackhole routes within 1 second to mitigate attacks by dropping traffic for 1 IP or subnet for 60 seconds. This approach solves the DDoS problem within 4 seconds through 100% automated detection and mitigation.
Securing a telecom operator's network with BGP FlowSpec (Cisco Russia)
The document discusses using BGP FlowSpec to provide network security for an internet service provider. It begins with an introduction to BGP FlowSpec, describing its components and how rules are distributed using BGP. It then covers using BGP FlowSpec for different DDoS mitigation scenarios, including stateless amplification attacks, stateless L3/L4 attacks, and stateful attacks targeting application resources. Configuration and other use cases are also briefly mentioned.
GoBGP is an open source BGP implementation written in Go that aims for high performance. It uses gRPC for its API-first architecture and OpenConfig for its vendor-neutral configuration model. Some key uses of GoBGP include as a high performance route server, for integration with data analysis systems via its APIs, and as a BGP implementation for whitebox switches.
BGP Flowspec (RFC5575) Case study and Discussion (APNIC)
BGP Flowspec is a technique for distributing flow specification rules via BGP. It allows an ISP to dynamically distribute filtering and redirection rules to mitigate DDoS attacks. The document discusses several real-world use cases where BGP Flowspec was deployed to successfully block large DDoS attacks in a targeted manner without affecting legitimate traffic. However, interoperability between vendors and scalability challenges remain open issues requiring further work and testing.
This document discusses using a loopback interface as the update source for BGP sessions. It explains that when there are multiple paths between BGP neighbors, using a loopback interface ensures the BGP session will not go down if the physical interface fails. It provides the configuration to enable this by specifying the loopback interface in the neighbor update-source command. An example topology is shown connecting routers with EIGRP and configuring BGP between the routers using a loopback interface as the update source.
BGP Flow Specification allows network operators to define and distribute traffic filtering rules via BGP. This helps operators quickly mitigate DDoS attacks by filtering traffic at an upstream level rather than just blackholing entire prefixes. It separates filtering information from routing data using new BGP address families. Validating flow specifications against the best unicast route helps prevent spoofing. Common filtering actions include traffic policing, sampling, and redirection. While some ISPs have begun implementations, widespread adoption is still needed to realize the benefits of centralized DDoS defense using BGP Flow Specification.
Implementing BGP Flowspec at IP transit network (Pavel Odintsov)
This document discusses implementing BGP Flowspec at an IP transit network to help mitigate distributed denial of service (DDoS) attacks. BGP Flowspec allows network operators to announce flow specifications via BGP to define distributed access lists across their network. The document outlines BGP Flowspec options, typical attack scenarios with and without its use, implementation considerations, validation of rules, statistics collection, and plans for a web portal and integration with attack detection systems. Over 85% of detected DDoS traffic was found to originate from foreign interfaces, showing BGP Flowspec's effectiveness against such attacks.
Tutorial: Using GoBGP as an IXP connecting router (Shu Sugimoto)
- Show you how GoBGP can be used as a software router in conjunction with quagga
- (Tutorial) Walk through the setup of IXP connecting router using GoBGP
This document discusses using BGP Flowspec for DDoS mitigation. It provides an overview of legacy DDoS mitigation methods, describes how BGP Flowspec works by distributing flow specifications using BGP, and gives examples of how it can be used for inter-domain and intra-domain DDoS mitigation as well as with a scrubbing center. It also discusses vendor support, advantages over previous methods, potential issues, real world deployments, and the current state and future of BGP Flowspec.
The document describes the configuration of a Dynamic Multipoint Virtual Private Network (DMVPN) using three phases. Phase 1 establishes IPsec and IKE tunnels between the hub router and spoke routers using EIGRP routing. Phase 2 optimizes the configuration by removing split horizon and enabling next hop self. Phase 3 enables features like NHRP redirect and shortcut to optimize network traffic flow.
netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers.
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different netfilter modules) and the chains and rules it stores.
Many systems use iptables/netfilter, Linux's native packet filtering/mangling framework since Linux 2.4, be it home routers or sophisticated cloud network stacks.
In this session, we will talk about the netfilter framework and its facilities, explain how basic filtering and mangling use-cases are implemented using iptables, and introduce some less common but powerful extensions of iptables.
Shmulik Ladkani, Chief Architect at Nsof Networks.
Long time network veteran and kernel geek.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
Some billions of forwarded packets later, Shmulik left his position as Jungo's lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud-based service, focusing around virtualization systems, network virtualization and SDN.
Recently he co-founded Nsof Networks, where he's been busy architecting network infrastructure as a cloud-based service, gazing at internet routes in astonishment, and playing the chkuku.
In this webinar, we cover how Border Gateway Protocol works. Starting from key concepts, you'll learn about Autonomous Systems, the BGP protocol, AS Path, learning and advertising routes, RIBs and route selection. See the webinar recording at https://www.thousandeyes.com/webinars/how-bgp-works
A database firewall is a useful tool that monitors databases to identify and protect against database-specific attacks, which mostly seek to access sensitive information stored in the databases. However, commercial database firewalls are expensive and require specific product knowledge, while open-source database firewalls are designed for specific open-source database servers.
In order to fulfil the need for an inexpensive database firewall, Snort, an open-source IDS/IPS, can achieve the goal in some scenarios using familiar rule writing. The paper explains the limitations of Snort as a database firewall, constraints in commercial database statements, and some example implementations.
The document discusses different nmap scanning techniques including SYN scans, FIN scans, ACK scans, and window scans. It provides pros and cons of each technique. It then details a mission to penetrate SCO's firewall and discern open ports on a target system using different scan types. Another mission works to locate webservers on the Playboy network offering free images, optimizing the scan by getting timing information and scanning faster without DNS lookups. Several IP addresses with port 80 open are identified.
The document discusses using Nmap to perform network scanning and reconnaissance. It provides an overview of Nmap, describing common scan types like TCP and UDP scans. It also covers useful Nmap options for tasks like service and operating system detection. The document demonstrates the Nmap Scripting Engine for tasks like vulnerability scanning and brute force attacks. It provides examples of commands for different scan types and scripts.
Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.
This document provides an overview of initial Big-IP configuration including hardware, licensing, file system, and basic network and management configuration. It also covers traffic processing concepts like pools, nodes, virtual servers and load balancing methods. Monitoring functionality and types of monitors like address, service, content and interactive are described. The document shows how to configure and assign different monitors to nodes, pool members and pools. It explains the status icons for monitor states like available, offline, unknown and unavailable.
This document discusses advanced topics related to BGP routing protocols. It covers scaling iBGP to large networks using techniques like route reflectors and confederations. Route reflectors allow a network to be divided into clusters with designated routers reflecting routes between clusters, reducing the full iBGP mesh. This improves scaling by lowering configuration and resource overhead on each router. The document also examines how iBGP and the BGP decision process interact with the IGP to determine optimal routes and influence traffic flow.
The document discusses the deployment of an internet exchange point (IXP) in Bangladesh called NIX. It describes the key components of NIX including route servers, RPKI validation, SIPIX for interconnection between IP telephony service providers, root server instances, looking glass, NTP servers, and an IXP manager. It outlines the challenges faced in deployment and initiatives taken to address issues related to traffic filtering, security, call quality, and availability. The future plans include completing root server mapping, establishing multiple points of presence, and adding content caching and domain hosting services.
BGP (Border Gateway Protocol) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. BGP makes routing decisions based on paths, network policies or rule-sets configured by a network administrator, and is involved in making core routing decisions. BGP is a very robust and scalable routing protocol, as evidenced by the fact that BGP is the routing protocol employed on the Internet.
NAT maps private IP addresses to public IP addresses, allowing multiple devices on a private network to share a single public IP address to access the Internet. It is commonly used when there is a shortage of IPv4 addresses. There are different types of NAT, including dynamic NAT which maps private addresses to public addresses on a need basis, and NAPT which allows thousands of devices to share one IP address by also mapping port numbers. NAT solves issues like merging networks with duplicate private addresses and changing ISPs without renumbering an entire network.
The document provides an overview of Border Gateway Protocol (BGP) which is the routing protocol used to exchange routes between institutions and the KAREN network. BGP allows different autonomous systems (AS) to exchange routing information and is more than just a routing protocol as it contains additional route attributes that are used for policy rules. BGP can operate internally within an AS or externally between ASes to control route propagation based on commercial agreements.
DDOS Mitigation Experience from IP ServerOne by CL Lee (MyNOG)
IP ServerOne is a Malaysian data center provider that manages over 4500 physical servers across 5 data centers. They experience 2-5 DDoS attacks per day, mostly ranging from 4.5-8.9 Gbps. To detect attacks, they use netflow to monitor traffic patterns and flag abnormal packet rates to single IPs. When an attack is detected, traffic is rerouted to on-premise filtering devices in less than 90 seconds to scrub attacks while allowing legitimate traffic. IP ServerOne advocates a hybrid mitigation approach using their own infrastructure alongside cloud-based protection.
Instant chat, videoconferencing, voice calling, file transfer, desktop sharing, and web conferencing are all part of the latest set of unified communication and collaboration (UCC) tools, which can significantly reduce communication and collaboration costs. And your WLAN should understand all these different traffic flows, report on call quality, support high-definition data transfer for video, and more. Hear about best practices for app-level configuration and learn how to get your Aruba WLAN ready for Microsoft Skype for Business, and several other enterprise and commercial grade UCC apps.
Continuum PCAP
Cost Effective, Open Network Packet Capture
How do you know what is really coming through your network? Without capturing that traffic, you don't have the means of identifying and solving your security and network performance problems.
Though some organizations have the budgets and infrastructure to record network traffic, many current tools either do not capture all necessary packets, are too expensive to implement on a large scale, or don't easily integrate with other applications. And even companies that are capturing their network data are frustrated by these systems' lack of flexibility, or paying for functionality that they don't really use.
Continuum PCAP solves these problems by fusing the best of both worlds. It is a powerful, affordable enterprise-class packet capture appliance that integrates with your favorite 3rd party or open-source tools, or with your own applications via a REST API.
Daniel Firestone and Gabriel Silva's presentation from the 2017 Open Networking Summit.
SDN is at the foundation of all large scale networks in the public cloud, such as Microsoft Azure - at past ONSes, Microsoft has detailed how all of Azure's virtual networks, load balancing, and security operate on SDN. But how do we make a software network scale to an era of 40, 50, and 100 gigabit networks on servers, providing great performance to end customers with ever increasing VM and container scale and density?
In this presentation, Daniel Firestone and Gabriel Silva will detail Azure Accelerated Networking, using Azure's FPGA-based SmartNICs. They will show how using FPGAs, we can achieve the programmability of a software network with the performance of a hardware one. They will detail how this and other host SDN advances have led to huge performance increases for Linux VMs in particular, and Linux-based NFV appliances, giving Azure industry-leading network performance.
Wilson Rogério Lopes presented on the evolution of DDoS attacks and mitigation options. He discussed how amplification attacks have grown in size using protocols like NTP and SSDP. IoT botnets using CCTV cameras conducted large DDoS attacks in 2016. Mitigation options discussed include using clean pipe providers, cloud DDoS services, BGP routing, and homemade tools like iptables and ModSecurity. The presentation recommended a hybrid mitigation strategy using both on-premise and cloud-based solutions.
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsNetronome
Ron Renwick, Director of Product Marketing and Product Line Manager, presents "Leveraging Network Offload to Accelerate SDN and NFV Deployments," at Layer123 SDN NFV World Congress 2017. Watch the video replay on the Netronome YouTube channel: https://youtu.be/V7cRv12pDsc
Spoofing is a growing problem on the Internet. More spoofed attacks keep occurring over new mediums, DNS, NTP, SNMP etc. Detecting the source of these attacks is challenging, however is often hard or impossible to trace back. This talk covers some of the challenges and views the detection of some spoofed packets.
This document discusses detecting spoofing at internet exchange points (IXPs). It begins by providing background on Cloudflare and some statistics on their global network. It then discusses how spoofing allows very small requests to become large distributed denial of service (DDoS) attacks. The document outlines Cloudflare's IXPantiSpoofer script, which matches MAC addresses from an IXP to autonomous system (AS) numbers to detect spoofing. It encourages improving detection methods and argues that IXPs could help alert members to misconfigurations and isolate malicious traffic, improving security for all members.
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
This document discusses using MikroTik routers for BGP transit and internet exchange (IX) points. It covers how to configure BGP to import routes from transit carriers and IXes, export routes to customers, and control outgoing traffic preferences. Communities are used to mark routes from different providers and for blackholing DDoS attacks. Recommended BGP attribute values are provided to control traffic flow. Acknowledgments are given to DE-CIX for information used in the presentation.
This document discusses IPVS (IP Virtual Server), a kernel-level load balancing and request routing technology built into the Linux kernel. It has been used by major companies like Google, Facebook, and Yandex to route millions of requests per second. The document introduces some key features of IPVS, including different forwarding methods (DNAT, DR, IPIP), load balancing algorithms, health checks, and cluster synchronization. It then describes GORB, an open-source REST API and daemon that can configure and manage IPVS from userspace without restarting services. GORB potentially makes IPVS useful for load balancing Docker containers dynamically as containers are started and configured.
DDoS Attacks in 2017: Beyond Packet FilteringQrator Labs
This document discusses the evolution of DDoS attacks beyond simple packet filtering. It notes that modern attacks use TCP connections and HTTPS to exhaust server resources, and that effective defenses require deep packet inspection, behavioral analysis, and correlation across networks. However, implementing these defenses is very expensive. As a result, best effort mitigation services cannot guarantee service level agreements, forcing networks to protect themselves individually in an every-man-for-himself environment. The future of DDoS defense remains unclear.
Exploiting First Hop Protocols to Own the Network - Paul CogginEC-Council
This talk will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well a few of the available tools for layer 2 network protocols exploitation will be covered. Defensive mitigations and recommendations for adding secure visualization and instrumentation for layer 2 will be provided.
Pavel Odintsov introduces FastNetMon DDoS prevention and how they migrated analytics to ClickHouse to handle large data volumes. Pavel is CTO and co-founder of FastNetMon LTD.
FastNetMon: https://fastnetmon.com/
Meetup: https://www.meetup.com/San-Francisco-Bay-Area-ClickHouse-Meetup/events/282872933/
The document discusses CloudFlare's global network for mitigating DDoS attacks and content delivery. It describes how CloudFlare deploys thousands of servers across 30+ datacenters worldwide and peers with internet exchanges around the globe to distribute traffic. This allows CloudFlare to localize DDoS attacks and continue serving other regions. The document also outlines CloudFlare's techniques for detecting and filtering DDoS traffic, such as consistent hashing to distribute loads across servers and FlowSpec to automate rate limiting attacks. Finally, it addresses challenges with connectivity in Africa and improving performance by moving content delivery closer through regional peering.
Netflix Open Connect: Delivering Internet TV to the worldInternet Society
This document discusses Netflix's global streaming services and partnerships with internet service providers (ISPs). Some key points:
- Netflix now serves over 190 countries with over 1 billion hours streamed per month and 81.5 million members globally.
- Netflix partners with ISPs by allowing them to embed Netflix Open Connect appliances (OCAs) within their networks at no cost, in order to directly deliver Netflix content to users and reduce upstream internet traffic.
- There are over 50 global points of presence for OCAs. Requirements for ISPs to participate include having at least 5Gbps of peak traffic and hosting a 1U or 2U OCA appliance within their network.
TRex is an open source, low cost, stateful traffic generator fuelled by DPDK. It generates L4-7 traffic based on pre-processing and a smart replay of real traffic templates. TRex amplifies both client and server side traffic and can scale to 200Gb/sec with one UCS.
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPROIDEA
Marek Janik - Huawei
Language: Polish
W trakcie sesji postaram sie zaprezentować sposoby ochrony sieci przed atakami DDoS, zarówno ogólno dostępnych, specjalizowanych oraz jako forma usługi od operatora lub dedykowanej firmy. Po prezentacji będzie można samemu ocenić czy „jakieś” i „jakie” rozwiązanie AntiDDoS jest potrzebne ze względu na prowadzona działalność w Internecie.
Zarejestruj się na kolejną edycję PLNOG już dzisiaj: krakow.plnog.pl
Dccp evaluation for sip signaling ict4 m Agus Awaludin
This document discusses evaluating the performance of using the Datagram Congestion Control Protocol (DCCP) for SIP signaling compared to the traditional UDP. It describes developing a DCCP agent and SIP traffic for the NS-2 network simulator to simulate SIP call setup over DCCP and UDP. The simulation results show that DCCP has lower call drop rates than UDP and less variation in call setup delays, indicating DCCP may be a preferable transport for SIP signaling over UDP.
HKNOG 1.0 - DDoS attacks in an IPv6 WorldTom Paseka
The document discusses DDoS attacks in an IPv6 world and how CloudFlare provides an automatic IPv6 gateway. It notes that many security tools still lack IPv6 support, which could impede the ability to identify and filter attacks over IPv6. The document outlines some IPv6 attacks CloudFlare has seen, such as DNS cache-busted query attacks, and how botnets can unintentionally send attack traffic over IPv6 if the target has an AAAA record. It emphasizes that security practices need to be equal for both IPv4 and IPv6 to prevent future IPv6-based attacks.
Similar to FastNetMon Advanced DDoS detection tool (20)
This document discusses challenges and solutions related to detecting and mitigating DDoS attacks in IPv6 environments. It provides an overview of common attack vectors in IPv6, such as protocol floods, fragmentation attacks, and spoofing. It also addresses issues with using existing monitoring tools in IPv6 networks and proposes protocols like Netflow v9, IPFIX, and sFlow v5 for exporting IPv6 traffic metadata. Specific challenges involving BGP, blackholing, traffic engineering and fastnetmon tool support for IPv6 are examined along with potential solutions.
Flowspec contre les attaques DDoS : l'expérience danoisePavel Odintsov
RÉSUMÉ
Au sein de DeiC, le réseau de recherche au Danemark, nous avons développé un service de protection contre les attaques DDoS qui est basé sur la distribution des règles firewall vers les routeurs de bordure par le biais de BGP FlowSpec.
Par rapport aux solutions alternatives, cette méthode a un coût très réduit puisqu'elle est basée sur des composants open source uniquement.
Dans cette phase du projet la détection des attaques est faite au moyen de FastNetMon, mais grâce aux interfaces ouvertes, d'autres outils IDS peuvent être utilisés.
Nous présenterons un retour d'expérience pour ce service qui est actuellement en cours de déploiement au sein de DeIC.
Detectando DDoS e intrusiones con RouterOSPavel Odintsov
Maximiliano Dobladez presentó sobre cómo detectar ataques DDoS e intrusiones con RouterOS. Explicó las herramientas Suricata e IDS/IPS para analizar tráfico en busca de eventos maliciosos conocidos y FastNetMon para detectar DDoS en 2 segundos. Detalló cómo instalar y configurar estas herramientas, integrarlas con RouterOS y tomar acciones como enviar tráfico a un blackhole cuando se detecta un ataque.
Janog 39: speech about FastNetMon by Yutaka IshizakiPavel Odintsov
FastNetMon is an open-source software that can quickly detect DDoS attacks by analyzing packet capture and NetFlow data. It stores metrics in InfluxDB and Redis for visualization and attack details. When an attack is detected, FastNetMon can trigger scripts and announce blocked IPs using protocols like BGP. While it detects attacks well based on thresholds, it may be more effective when combined with other components for full DDoS mitigation functionality.
Protect your edge BGP security made simplePavel Odintsov
SysEleven filters routes to protect its edge by rejecting bogon prefixes and invalid routes. It generates prefix filters automatically based on peer AS sets to apply strict inbound filtering. It also uses RPKI to validate routes and reject invalid announcements. For DDoS mitigation, it uses FastNetMon for detection and FlowSpec to propagate rate limiting filters via BGP to upstream providers for quick attack mitigation in under 2 minutes. Open source tools like bgpq3, aggregate, and GoBGP help implement these solutions in a cost effective manner.
Marek discusses how his company Faelix uses MikroTik hardware and RouterOS at their network edges to route over 600k IPv4 and 30k IPv6 routes. While there were some initial issues, MikroTik has proven reliable and cost-effective. Marek then explains how Faelix implements firewalling with zero filter rules through a multi-step process. They use fail2ban to block brute force attacks, AMQP to share block lists across routers, and destination NAT misbehaving traffic. Most importantly, they leverage the "/ip route rule" feature to route blocked traffic to a separate routing table for easy isolation without complex firewall rules.
FastNetMon is an open source, cross-platform, and lightweight real-time black hole monitoring system that can detect network anomalies from sFlow, Netflow, or mirrored port data. It has flexible response methods and works with routing protocols like ExaBGP and GoBGP, though its limited documentation and some quirks like inaccurate flow averages require modifications for optimal use.
Detecting and mitigating DDoS ZenDesk by Vicente De LucaPavel Odintsov
This document discusses how to improve detection of DDoS attacks using an open-source solution involving FastNetMon, InfluxDB, Grafana, Redis, Morgoth, BIRD, and an experimental code called Net Healer. FastNetMon detects attacks and reports them to Redis. Net Healer watches Redis for attack reports and can trigger actions like alerting on-call teams or injecting routes based on policy thresholds over a 5 minute period to mitigate attacks faster without relying solely on humans. The solution integrates various open source tools for scalable metrics storage, routing, anomaly detection, and triggering automated responses to detected attacks.
Blackholing from a_providers_perspektive_theo_vossPavel Odintsov
This document discusses blackholing from a provider's perspective. It describes how blackholing can be implemented at the provider's upstreams and internet exchange points (IXPs). The document also discusses using FastNetMon for DDoS attack detection and implementing blackholing policies on routers to discard attack traffic in the case of a detected DDoS attack.
The survey found that the most commonly used NOC tools are for monitoring (e.g. CACTI, Nagios), problem management (e.g. Nagios, Request Tracker), and ticketing (e.g. Request Tracker, OTRS). Performance management tools like Iperf, Wireshark and MRTG were also widely used. Configuration management was commonly done using tools like Git, RANCID, Subversion and CVS. The survey provided insights into the software tools used by NOCs and helped identify trends in tools that have increased in importance since a previous survey in 2011.
DDoS detection at small ISP by Wardner MaiaPavel Odintsov
Este documento trata sobre la detección y mitigación de ataques distribuidos de denegación de servicio (DDoS) en un pequeño proveedor de servicios de Internet (ISP). Explica conceptos básicos sobre DDoS, incluidos tipos de ataques y arquitectura. Luego, discute buenas prácticas de red para minimizar ataques, como la implementación de BCP-38 y la eliminación de amplificadores y bucles estáticos. Finalmente, cubre técnicas de mitigación como blackholing remoto y sol
Distributed Denial of Service Attack - Detection And MitigationPavel Odintsov
This document discusses distributed denial of service (DDoS) attacks, detection, and mitigation. It provides background on DDoS including components and architecture. It explains why small and medium internet service providers should care about DDoS attacks. The presentation aims to show how an ISP can implement an automated solution for DDoS mitigation using Mikrotik Traffic Flow, Fastnetmon for detection, and ExaBGP for route announcements. Detection and mitigation techniques are discussed such as remote triggered blackholing, mitigation at a cloud scrubbing center, and using the Cymru Unwanted Traffic Removal Service.
This document describes an open-source solution for improving fast detection of and automating mitigation of DDoS attacks. The solution uses FastNetMon for fast detection of attacks from sFlow, NetFlow, or port mirroring. Metrics and events are stored in InfluxDB for analysis by Morgoth and visualization in Grafana. Net Healer uses policies to trigger actions like blackholing routes in BIRD based on data from Redis and anomalies detected by Morgoth in InfluxDB. This provides faster detection and reaction than traditional hardware appliances alone.
O documento discute estratégias de defesa contra ataques de negação de serviço (DoS e DDoS), incluindo tipos de ataques, planejamento de rede, detecção e contramedidas. É destacada a importância da visibilidade da rede, do conhecimento dos serviços e da capacidade dos equipamentos para mitigar ataques. Quando o ataque excede a banda disponível, opções como bloqueio remoto, "clean pipes" e distribuição de carga podem ajudar a reduzir o impacto.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
2. PROJECT HISTORY
• 2013 Q2 project founded
• 2013 Q3 mirror port support
• 2014 Q2 sFlow support
• 2014 Q3 Netflow 5, 9 support
• 2015 Q1 IPFIX support
• 2015 Q2 added to official FreeBSD ports
• 2016 Q3 integration with A-10 Networks TPS
• 2017 Q1 integration with Radware Defense Flow
• 2018 Q1 FastNetMon joined WorksOnARM.com
3. KEY FEATURES
• Supports all types of volumetric attacks
• Does not require changes in your network
• Complete automation
• Lightning fast detection
• Software only solution
• BGP integration (BGP unicast and BGP flow spec)
• Supports almost all available traffic capture engines
4. KEY FEATURES FOR BUSINESS
• Reduce cost for additional capacity
• Reduce overall service downtime
• Decrease number of incoming abuses
• Additional service for customers to increase ARPU
• Reduce cost for precise DDoS filtering hardware
• Reduce cost for DDoS filtering clouds
9. UNLIMITED SCALABILITY
• sFlow v5 – 1.2 Tbps*
• NetFlow – 2.2 Tbps*
• Mirror/SPAN – 80 GE*
• Distributed with Tera Flow - unlimited
*all numbers for single physical server
10. ACTIONS TRIGGERED FOR DETECTED ATTACK
• E-mail notification
• BGP Blackhole
• BGP flow spec, RFC 5575
• Slack notification
• API call
• Web request
• Script call
11. EXTREMELY FAST DELIVERY
• Works on any VM or physical server
• Less than 15 minutes to install and configure FastNetMon on a new server!
• Network engineer friendly CLI interface
• Learns almost all configuration automatically!
12. DETECTION LOGIC
Two levels:
• Threshold based (based on host’s smoothed traffic)
• Hyper packet engine for deep flow / packet inspection using statistics approach
13. BETWEEN THE CLOUD AND NETWORK EQUIPMENT
• You could use FastNetMon together with precise filtering hardware (A-10 Networks, Radware, Palo Alto Networks)
• You could use FastNetMon with your favourite DDoS filtering cloud
• You could use FastNetMon to isolate an attacked customer in a dedicated network using a BGP or BGP Flow Spec redirect
17. RICH ATTACK REPORTS
IP: 10.10.10.221
Attack type: syn_flood
Initial attack power: 546475 packets per second
Peak attack power: 546475 packets per second
Attack direction: incoming
Attack protocol: tcp
Total incoming traffic: 245 mbps
Total outgoing traffic: 0 mbps
Total incoming pps: 99059 packets per second
Total outgoing pps: 0 packets per second
Total incoming flows: 98926 flows per second
Total outgoing flows: 0 flows per second
Average incoming traffic: 45 mbps
Average outgoing traffic: 0 mbps
Average incoming pps: 99059 packets per second
Average outgoing pps: 0 packets per second
Average incoming flows: 98926 flows per second
Average outgoing flows: 0 flows per second
Incoming ip fragmented traffic: 250 mbps
Outgoing ip fragmented traffic: 0 mbps
Incoming ip fragmented pps: 546475 packets per second
Outgoing ip fragmented pps: 0 packets per second
Incoming tcp traffic: 250 mbps
Outgoing tcp traffic: 0 mbps
Incoming tcp pps: 546475 packets per second
Outgoing tcp pps: 0 packets per second
Incoming syn tcp traffic: 250 mbps
Outgoing syn tcp traffic: 0 mbps
Incoming syn tcp pps: 546475 packets per second
Outgoing syn tcp pps: 0 packets per second
Incoming udp traffic: 0 mbps
Outgoing udp traffic: 0 mbps
Incoming udp pps: 0 packets per second
Outgoing udp pps: 0 packets per second
Incoming icmp traffic: 0 mbps
Outgoing icmp traffic: 0 mbps
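The threshold-on-smoothed-traffic logic from slide 12 and the report fields from slide 17, as an added example that is not FastNetMon's code: per-host per-second counters are smoothed with an exponential moving average, a host is flagged when a smoothed counter crosses its threshold, and the report names the dominant protocol. The thresholds, smoothing factor, attack-type heuristic and traffic samples are all constructed for the example; only the host address is taken from the report above.

```python
"""Threshold-based DDoS detection on smoothed per-host counters (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Thresholds:
    """Constructed thresholds for this example, not FastNetMon defaults."""
    pps: float = 20_000     # packets per second
    mbps: float = 100       # megabits per second
    flows: float = 3_000    # flows per second


@dataclass
class Counters:
    """Raw counters for one host, one direction, one second of traffic."""
    packets: int = 0
    bytes: int = 0
    flows: int = 0
    tcp: int = 0
    syn: int = 0
    udp: int = 0
    icmp: int = 0

    def metrics(self):
        return {"pps": self.packets, "mbps": self.bytes * 8 / 1e6, "flows": self.flows,
                "tcp_pps": self.tcp, "syn_pps": self.syn,
                "udp_pps": self.udp, "icmp_pps": self.icmp}


METRIC_NAMES = tuple(Counters().metrics())


@dataclass
class AttackReport:
    host: str
    direction: str
    attack_type: str
    protocol: str
    triggered_by: list   # threshold metrics that were exceeded, in check order
    smoothed: dict       # smoothed per-second values at detection time


def classify(sm):
    """Constructed heuristic: dominant protocol by pps; syn_flood when SYNs dominate TCP."""
    proto = max(("tcp", "udp", "icmp"), key=lambda p: sm[f"{p}_pps"])
    if proto == "tcp" and sm["tcp_pps"] > 0 and sm["syn_pps"] / sm["tcp_pps"] >= 0.8:
        return "syn_flood", proto
    return f"{proto}_flood", proto


class Detector:
    def __init__(self, thresholds=Thresholds(), alpha=0.5):
        self.thr = thresholds
        self.alpha = alpha        # EMA weight of the newest second (1.0 disables smoothing)
        self.smoothed = {}        # (host, direction) -> {metric: smoothed value}
        self.flagged = set()      # hosts already reported, to avoid duplicate reports

    def observe_second(self, samples):
        """samples: {(host, direction): Counters} for one second; absent hosts count as zero."""
        reports = []
        for key in set(self.smoothed) | set(samples):
            cur = samples.get(key, Counters()).metrics()
            sm = self.smoothed.setdefault(key, dict.fromkeys(METRIC_NAMES, 0.0))
            for m in METRIC_NAMES:
                sm[m] = self.alpha * cur[m] + (1 - self.alpha) * sm[m]
            if key in self.flagged:
                continue
            exceeded = [m for m in ("pps", "mbps", "flows") if sm[m] > getattr(self.thr, m)]
            if exceeded:
                self.flagged.add(key)
                attack_type, proto = classify(sm)
                reports.append(AttackReport(key[0], key[1], attack_type, proto, exceeded, dict(sm)))
        return reports


def format_report(r):
    """Render a report in the style of the attack report shown on the slide above."""
    d = r.direction
    return "\n".join([
        f"IP: {r.host}", f"Attack type: {r.attack_type}",
        f"Initial attack power: {int(r.smoothed['pps'])} packets per second",
        f"Attack direction: {d}", f"Attack protocol: {r.protocol}",
        f"Total {d} traffic: {int(r.smoothed['mbps'])} mbps",
        f"Total {d} pps: {int(r.smoothed['pps'])} packets per second",
        f"Total {d} flows: {int(r.smoothed['flows'])} flows per second",
        f"{d.capitalize()} syn tcp pps: {int(r.smoothed['syn_pps'])} packets per second",
    ])


def demo():
    """Three constructed seconds: normal traffic, a one-second blip, then a SYN flood."""
    det = Detector()
    host = ("10.10.10.221", "incoming")
    r1 = det.observe_second({host: Counters(8000, 8000 * 60, 500, tcp=8000, syn=400)})
    # 30k pps for a single second: smoothed pps is 17000, still under the threshold
    r2 = det.observe_second({host: Counters(30000, 30000 * 60, 1000, tcp=30000, syn=1500)})
    # sustained SYN flood: smoothed pps jumps to 308500 and the host is flagged
    r3 = det.observe_second({host: Counters(600000, 600000 * 60, 590000, tcp=600000, syn=600000)})
    return r1, r2, r3


if __name__ == "__main__":
    for report in demo()[2]:
        print(format_report(report))
```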
19. DEVELOPER FRIENDLY
• API for FastNetMon operations (using fcli)
• MongoDB for configuration
• JSON everywhere
• API for traffic persistency
• API for metrics