We (AperNet) have an open-source anti-ddos flow monitor called apermon that provides some interesting capabilities.
https://github.com/apernet/apermon On Wed, Oct 18, 2023 at 8:51 AM Adam Thompson <athomp...@merlin.mb.ca> wrote: > > Sorry for the late reply... Sightline *Insight* is the piece the sales team > won't sell me, and TAC won't support me, for deployment in our private-cloud > environment: it has to be hosted on one of 3 canned server configurations. > > I am using Sightline/TMS virtually and it's fine there. > > -Adam > > > Adam Thompson > > Consultant, Infrastructure Services > > MERLIN > > 100 - 135 Innovation Drive > > Winnipeg, MB R3T 6A8 > > (204) 977-6824 or 1-800-430-6404 (MB only) > > https://www.merlin.mb.ca > > Chat with me on Teams > > ________________________________ > From: NANOG <nanog-bounces+athompson=merlin.mb...@nanog.org> on behalf of > Dobbins, Roland via NANOG <nanog@nanog.org> > Sent: Tuesday, October 10, 2023 9:34:21 PM > To: nanog@nanog.org <nanog@nanog.org> > Subject: Re: FastNetMon Usage in the wild > > > On 11 Oct 2023, at 01:50, Adam Thompson <athomp...@merlin.mb.ca> wrote: > > you need to buy a moderately-expensive hardware server (they don’t let you > virtualize it) > > > To clarify, Sightline has supported virtualization for many years, FYI. > > I’m not aware of any anti-DDoS products at ISP scale that aren’t SFlow + > Flowspec, possibly including “scrubbing” (diverter box); > > > I don’t know if it’s an in-band appliance, or a “scrubber”-on-a-stick > > > In addition to flow telemetry, D/RTBH, S/RTBH, and flowspec, Sightline/TMS > supports intelligent DDoS mitigation directly in-line or via > diversion/reinjection. > > [Full disclosure: I am an employee of NETSCOUT.]
