Skip to content
/ fastnetmon Public
forked from pavel-odintsov/fastnetmon

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support

fastnetmon.com

License

GPL-2.0 license
0 stars 569 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

monogon-dev/fastnetmon

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3,291 Commits
.circleci
.circleci
 
 
.github
.github
 
 
docs/images
docs/images
 
 
src
src
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
THANKS.md
THANKS.md
 
 

Repository files navigation

logo

Community Edition

FastNetMon - A high performance DDoS detector / sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror).

What do we do?

We detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and perform a configurable action to handle that event. These configurable actions include notifying you, calling script or making BGP announces.

Legal

FastNetMon is a product of FastNetMon LTD, UK. FastNetMon ® is a registered trademark in the UK and EU.

CI build status

CircleCI

Project

🌏️ Official site
⭐️ FastNetMon Advanced, Commercial Edition
🌟️ FastNetMon Advanced, free one month trial
📜️ FastNetMon Advanced and Community difference table
📘️ Detailed reference
🔏️ Privacy policy

Supported packet capture engines

  • NetFlow v5, v9, v9 Lite
  • IPFIX
  • sFlow v5
  • PCAP
  • AF_PACKET (recommended)
  • AF_XDP (XDP based capture)
  • Netmap (deprecated, stil supported only for FreeBSD)
  • PF_RING / PF_RING ZC (deprecated, available only for CentOS 6 in 1.2.0)

You can check out the comparison table for all available packet capture engines.

Official support groups:

Follow us at social media:

Complete integration with the following vendors

Features

  • Detects DoS/DDoS in as little as 1-2 seconds
  • Scales up to terabits on single server (sFlow, Netflow, IPFIX) or to 40G + in mirror mode
  • Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
  • Complete support for most popular attack types
  • Thresholds can be configured per-subnet basis with the hostgroups feature
  • Email notifications about detected attack
  • Complete IPv6 support
  • Prometheus support: system metrics and total traffic counters
  • Flow and packet export to Kafka in JSON and Protobuf format
  • Announce blocked IPs via BGP to routers with ExaBGP or GoBGP (recommended)
  • Full integration with InfluxDB and Graphite
  • API
  • Redis integration
  • MongoDB integration
  • Prometheus support
  • VLAN untagging in mirror and sFlow modes
  • Capture attack fingerprints in PCAP format

Running FastNetMon

Hardware requirements

  • At least 1 GB of RAM

Installation

Router integration instructions

Screenshots

Main screen image

Example deployment scheme

Network diagramm

Upstream versions in different distributions

FastNetMon upstream distro packaging status

About

FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support

fastnetmon.com

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 89.6%
  • Perl 6.0%
  • CMake 1.7%
  • PHP 1.0%
  • Python 0.9%
  • Shell 0.4%
  • Other 0.4%