What happens when someone spoofs legitimate hosts that your customers use?

On Thu, Nov 20, 2014 at 3:36 PM, Pavel Odintsov <pavel.odint...@gmail.com> wrote:
> Hello, folks!
>
> I'm the author of fastnetmon, thank you for some PR for my toolkit :)
>
> I use this tool for similar types of attacks and we analyze all
> traffic from uplink ports using port mirroring. You can look at this
> network diagram:
>
> https://raw.githubusercontent.com/FastVPSEestiOu/fastnetmon/master/network_map.png
>
> I tried to use netflow many years ago but it's not accurate enough and
> not fast enough and produces big overhead on middle class network
> routers. It's because of that I wrote this tool and analyze every packet.
> It can detect an attack in 2 seconds max and call BGP blackhole as quick
> as thought.
>
> It can detect three types of attacks:
> 1) Speed attack for certain IP (we ban every IP which exceeds 1 Gbps)
> 2) Packet per second attack for certain IP (we ban every IP which
> exceeds 100 000 pps)
> 3) And flow flood (very useful mode in networks with big bandwidth/pps
> per client)
>
> FastNetMon can handle 2-3 million packets per second and ~20Gbps on
> a standard i7 2600 Linux box with Intel 82599 NIC.
>
> If you need any help or suggestions you can email me directly or ask via
> GitHub.
>
> Thank you!
>
> --
> Sincerely yours, Pavel Odintsov
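
The three per-IP checks listed in the quoted message, as an added example that is not FastNetMon's code or part of the original thread. The record layout, the function names and the flow limit are assumptions made for illustration; only the 1 Gbps and 100 000 pps limits come from the message.

```python
from collections import defaultdict

# Limits quoted in the message above.
MAX_BITS_PER_SEC = 1_000_000_000   # 1 Gbps
MAX_PACKETS_PER_SEC = 100_000      # 100 000 pps
# Assumption: the message gives no flow-flood limit; this value is illustrative.
MAX_FLOWS_PER_SEC = 3_500


def detect(records, window=1):
    """Return {(window_start, host_ip): [reasons]} for hosts over a limit.

    records: iterable of (ts_seconds, host_ip, packets, nbytes, flow_id),
    a hypothetical layout for counters taken from mirrored traffic.
    """
    stats = defaultdict(lambda: {"bits": 0, "packets": 0, "flows": set()})
    for ts, ip, packets, nbytes, flow_id in records:
        bucket = stats[(int(ts) // window * window, ip)]
        bucket["bits"] += nbytes * 8
        bucket["packets"] += packets
        bucket["flows"].add(flow_id)

    alerts = {}
    for key, b in sorted(stats.items()):
        reasons = []
        if b["bits"] / window > MAX_BITS_PER_SEC:
            reasons.append("bandwidth")
        if b["packets"] / window > MAX_PACKETS_PER_SEC:
            reasons.append("pps")
        if len(b["flows"]) / window > MAX_FLOWS_PER_SEC:
            reasons.append("flows")
        if reasons:
            alerts[key] = reasons
    return alerts


def sample_records():
    """Constructed traffic on documentation addresses (RFC 5737)."""
    recs = []
    # Second 0: 120 000 small packets in one flow -> pps limit only.
    recs += [(i / 200, "198.51.100.10", 1000, 64_000, "f1") for i in range(120)]
    # Second 1: 90 000 full-size packets (1.08 Gbit) -> bandwidth limit only.
    recs += [(1 + i / 200, "198.51.100.20", 1000, 1_500_000, "f2") for i in range(90)]
    # Second 2: 4 000 one-packet flows -> flow limit only.
    recs += [(2 + i / 5000, "198.51.100.30", 1, 60, f"s{i}") for i in range(4000)]
    # Second 2: ordinary client, stays under every limit.
    recs += [(2 + i / 100, "198.51.100.40", 100, 100_000, "f3") for i in range(50)]
    return recs


if __name__ == "__main__":
    for (start, ip), reasons in detect(sample_records()).items():
        print(f"t={start}s {ip}: over limit for {', '.join(reasons)}")
```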