Mike,

What did you end up going with if not fastnetmon? Were you using their paid or free version?

On Thu, Dec 5, 2019 at 4:45 PM Mike <mike-na...@tiedyenetworks.com> wrote:
>
> On 12/5/19 1:43 PM, Hugo Slabbert wrote:
> >> FastNetMon is awesome, but it's a detection tool with no mitigation
> >> capacity whatsoever.
> >
> > Does it not, though, provide the ability to hook into RTBH or Flowspec
> > setups?
> >
>
> Yes it does provide RTBH hook.
>
> I evaluated fastnetmon using exactly the 'quick setup' and found it to
> have some serious problems with false alarms and statistical anomalies,
> at least when using pure netflow data (did not try sampled mode). Hosts
> that were not in fact receiving >100mbps traffic (a traffic level I
> predetermined as 'attack' for a given network segment), would
> occasionally get flagged as such (and rtbh activated), while 2 real
> attacks that came during the testing period (60 days for me) went
> completely unnoticed. Support seemed to concede that sampled mode is
> really the only accurate method, and which by this time I'd expended all
> my interest. Great concept, cool integration, just not ready for prime
> time.
>
>
> Mike-