SlideShare a Scribd company logo

FastNetMon Advanced DDoS detection tool

Download as PPTX, PDF
Pavel Odintsov, profile picture
Pavel Odintsov

The document outlines the history and features of the FastNetMon project, which was founded in 2013 and supports various types of volumetric attacks with quick detection capabilities. Key features include automation, integration with various traffic capture engines, and a user-friendly interface, aimed at reducing costs and downtime for businesses. FastNetMon offers unlimited scalability and compatibility with different DDoS filtering hardware and clouds, making it an effective solution for network security.

Technology
Related topics:
Network Security
1 of 22
Downloaded 15 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
https://FastNetMon.com
PROJECT HISTORY • 2013 Q2 project founded • 2013 Q3 mirror port support • 2014 Q2 sFlow support • 2014 Q3 Netflow 5, 9 support • 2015 Q1 IPFIX support • 2015 Q2 added to official FreeBSD ports • 2016 Q3 integration with A-10 Networks TPS • 2017 Q1 integration with Radware Defense Flow • 2018 Q1 FastNetMon joined to WorksOnARM.com
KEY FEATURES • Supports all types of volumetric attacks • Does not require changes in your network • Complete automation • Lightning fast detection • Software only solution • BGP integration (BGP unicast and BGP flow spec) • Support almost all possible traffic capture engines
KEY FEATURES FOR BUSINESS • Reduce cost for additional capacity • Reduce overall service downtime • Decrease number of incoming abuses • Additional service for customers to increase ARPU • Reduce cost for precise DDoS filtering hardware • Reduce cost for DDoS filtering clouds
SUPPORTED VENDORS
LIGHTNING FAST ATTACK DETECTION • 2 seconds with mirror • 2-3 seconds with sFlow • 10-30 seconds with NetFlow/IPFIX
TRAFFIC CAPTURE BACKENDS • sFlow v5 (switches) • Netflow v5, v9 (including sampled version), v10 (IPFIX), jFlow, cFlow (routers) • SPAN/MIRROR (1GE, 10GE, 40GE) • Tera Flow (distributed monitoring protocol)
SUPPORTED ATTACK TYPES • NTP, DNS, SNMP, SSDP amplification • TCP SYN/ACK/SYN-ACK floods • UDP floods • Multi vector attacks • Reflection attacks
UNLIMITED SCALABILITY • sFlow v5 – 1.2 Tbps* • NetFlow – 2.2 Tbps* • Mirror/SPAN – 80 GE* • Distributed with Tera Flow - unlimited *all numbers for single physical server
ACTIONS TRIGGERED FOR DETECTED ATTACK • E-mail notification • BGP Blackhole • BGP flow spec, RFC 5575 • Slack notification • API call • Web request • Script call
EXTREMELY FAST DELIVERY • Works on any VM or physical server • Less then 15 minutes to install and configure FastNetMon on new server! • Network Engineer friendly CLI interface • Learn almost all configuration automatically!
DETECTION LOGIC Two levels: • Threshold based (based on host’s smoothed traffic) • Hyper packet engine for deep flow / packet inspection using statistics approach • • • • •
BETWEEN THE CLOUD AND NETWORK EQUIPMENT • You could use FastNetMon together with precise filtering hardware (A-10 Networks, Radware, Palo-Alto Networks) • You could use FastNetMon with your favourite DDoS filtering cloud • You could use FastNetMon to isolate attacked customer in special network using BGP or BGP or BGP Flow Spec redirect
FRIENDLY COMMAND LINE INTERFACE
ATTACK AND TRAFFIC VISUALIZATION
ATTACK NOTIFICATIONS
RICH ATTACK REPORTS IP: 10.10.10.221Attack type: syn_flood Initial attack power: 546475 packets per second Peak attack power: 546475 packets per second Attack direction: incoming Attack protocol: tcp Total incoming traffic: 245 mbps Total outgoing traffic: 0 mbps Total incoming pps: 99059 packets per second Total outgoing pps: 0 packets per second Total incoming flows: 98926 flows per second Total outgoing flows: 0 flows per second Average incoming traffic: 45 mbps Average outgoing traffic: 0 mbps Average incoming pps: 99059 packets per second Average outgoing pps: 0 packets per second Average incoming flows: 98926 flows per second Average outgoing flows: 0 flows per second Incoming ip fragmented traffic: 250 mbps Outgoing ip fragmented traffic: 0 mbps Incoming ip fragmented pps: 546475 packets per second Outgoing ip fragmented pps: 0 packets per second Incoming tcp traffic: 250 mbps Outgoing tcp traffic: 0 mbps Incoming tcp pps: 546475 packets per second Outgoing tcp pps: 0 packets per second Incoming syn tcp traffic: 250 mbps Outgoing syn tcp traffic: 0 mbps Incoming syn tcp pps: 546475 packets per second Outgoing syn tcp pps: 0 packets per second Incoming udp traffic: 0 mbps Outgoing udp traffic: 0 mbps Incoming udp pps: 0 packets per second Outgoing udp pps: 0 packets per second Incoming icmp traffic: 0 mbps Outgoing icmp traffic: 0 mbps
DISTRIBUTED SETUP WITH TERA FLOW
DEVELOPER FRIENDLY • API for FastNetMon operations (using fcli) • MongoDB for configuration • JSON everywhere • API for traffic persistency • API for metrics
TRAFFIC PERSISTENCY
ASN REPORTS
Thank you! sales@fastnetmon.com

More Related Content

PDF
FastNetMon - ENOG9 speech about DDoS mitigation
Pavel Odintsov
 
PDF
Ripe71 FastNetMon open source DoS / DDoS mitigation
Pavel Odintsov
 
PDF
Linux Networking Explained
Thomas Graf
 
PDF
netfilter and iptables
Kernel TLV
 
PPT
9534715
Pavel Odintsov
 
PDF
Protocole OSPF
Thomas Moegli
 
ODP
Dpdk performance
Stephen Hemminger
 
PPTX
BGP Update Source
NetProtocol Xpert
 
FastNetMon - ENOG9 speech about DDoS mitigation
Pavel Odintsov
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Pavel Odintsov
 
Linux Networking Explained
Thomas Graf
 
netfilter and iptables
Kernel TLV
 
9534715
Pavel Odintsov
 
Protocole OSPF
Thomas Moegli
 
Dpdk performance
Stephen Hemminger
 
BGP Update Source
NetProtocol Xpert
 

What's hot (20)

PDF
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
 
PDF
DevConf 2014 Kernel Networking Walkthrough
Thomas Graf
 
PPTX
FD.io VPP事始め
tetsusat
 
PPTX
Software-Defined Networking (SDN): Unleashing the Power of the Network
Robert Keahey
 
PDF
DoS and DDoS mitigations with eBPF, XDP and DPDK
Marian Marinov
 
PPTX
The TCP/IP Stack in the Linux Kernel
Divye Kapoor
 
PDF
BPF - in-kernel virtual machine
Alexei Starovoitov
 
PDF
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Cisco Russia
 
PDF
DDoS Mitigation using BGP Flowspec
APNIC
 
PDF
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 
PDF
Using GTP on Linux with libgtpnl
Kentaro Ebisawa
 
PPTX
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
PDF
MPLS L3 VPN Deployment
APNIC
 
PPTX
Introduction to DPDK
Kernel TLV
 
PDF
cours ospf
EL AMRI El Hassan
 
PDF
BPF: Tracing and more
Brendan Gregg
 
PDF
Iptables presentation
Emin Abdul Azeez
 
PPTX
Présentation de la pile réseau sous gnu linux
Thierry Gayet
 
PDF
Network security
Telematika Open Session
 
PDF
EBPF and Linux Networking
PLUMgrid
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
 
DevConf 2014 Kernel Networking Walkthrough
Thomas Graf
 
FD.io VPP事始め
tetsusat
 
Software-Defined Networking (SDN): Unleashing the Power of the Network
Robert Keahey
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
Marian Marinov
 
The TCP/IP Stack in the Linux Kernel
Divye Kapoor
 
BPF - in-kernel virtual machine
Alexei Starovoitov
 
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Cisco Russia
 
DDoS Mitigation using BGP Flowspec
APNIC
 
Replacing iptables with eBPF in Kubernetes with Cilium
Michal Rostecki
 
Using GTP on Linux with libgtpnl
Kentaro Ebisawa
 
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
MPLS L3 VPN Deployment
APNIC
 
Introduction to DPDK
Kernel TLV
 
cours ospf
EL AMRI El Hassan
 
BPF: Tracing and more
Brendan Gregg
 
Iptables presentation
Emin Abdul Azeez
 
Présentation de la pile réseau sous gnu linux
Thierry Gayet
 
Network security
Telematika Open Session
 
EBPF and Linux Networking
PLUMgrid
 
Ad

Similar to FastNetMon Advanced DDoS detection tool (20)

PDF
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
 
PPTX
Integrating Unified Communications and Collaboration on an Aruba Access Network
Aruba, a Hewlett Packard Enterprise company
 
PDF
Continuum pcap-oem
blabadini
 
PDF
Accelerated SDN in Azure
Open Networking Summit
 
PDF
DDoS Attacks - Scenery, Evolution and Mitigation
Wilson Rogerio Lopes
 
PDF
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Netronome
 
PDF
DDoS Mitigation Tools and Techniques
Babak Farrokhi
 
PDF
Detecting Spoofing at IXPs
APNIC
 
PDF
Detecting spoofing at IxP's
Tom Paseka
 
PDF
Using MikroTik routers for BGP transit and IX points
Pavel Odintsov
 
PDF
[En] IPVS for Docker Containers
Andrey Sibirev
 
PDF
IPVS for Docker Containers
Bob Sokol
 
PDF
DDoS Attacks in 2017: Beyond Packet Filtering
Qrator Labs
 
PPTX
Tale of a New Bangladeshi NIX
Bangladesh Network Operators Group
 
PDF
Exploiting First Hop Protocols to Own the Network - Paul Coggin
EC-Council
 
PPTX
BGP Flowspec (RFC5575) Case study and Discussion
APNIC
 
PDF
FastNetMon and Metrics
Altinity Ltd
 
PDF
DDos, Peering, Automation and more
Internet Society
 
PDF
Netflix Open Connect: Delivering Internet TV to the world
Internet Society
 
PDF
TRex Traffic Generator - Hanoch Haim
harryvanhaaren
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
MyNOG
 
Integrating Unified Communications and Collaboration on an Aruba Access Network
Aruba, a Hewlett Packard Enterprise company
 
Continuum pcap-oem
blabadini
 
Accelerated SDN in Azure
Open Networking Summit
 
DDoS Attacks - Scenery, Evolution and Mitigation
Wilson Rogerio Lopes
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Netronome
 
DDoS Mitigation Tools and Techniques
Babak Farrokhi
 
Detecting Spoofing at IXPs
APNIC
 
Detecting spoofing at IxP's
Tom Paseka
 
Using MikroTik routers for BGP transit and IX points
Pavel Odintsov
 
[En] IPVS for Docker Containers
Andrey Sibirev
 
IPVS for Docker Containers
Bob Sokol
 
DDoS Attacks in 2017: Beyond Packet Filtering
Qrator Labs
 
Tale of a New Bangladeshi NIX
Bangladesh Network Operators Group
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
EC-Council
 
BGP Flowspec (RFC5575) Case study and Discussion
APNIC
 
FastNetMon and Metrics
Altinity Ltd
 
DDos, Peering, Automation and more
Internet Society
 
Netflix Open Connect: Delivering Internet TV to the world
Internet Society
 
TRex Traffic Generator - Hanoch Haim
harryvanhaaren
 
Ad

More from Pavel Odintsov (20)

PDF
BGP Flow Spec HKNOG 13
Pavel Odintsov
 
PDF
DDoS Challenges in IPv6 environment
Pavel Odintsov
 
PDF
Network telemetry for DDoS detection presentation
Pavel Odintsov
 
PPTX
BGP FlowSpec experience and future developments
Pavel Odintsov
 
PDF
VietTel AntiDDoS Volume Based
Pavel Odintsov
 
PDF
DDoS Defense Mechanisms for IXP Infrastructures
Pavel Odintsov
 
PPTX
Flowspec contre les attaques DDoS : l'expérience danoise
Pavel Odintsov
 
PDF
Detectando DDoS e intrusiones con RouterOS
Pavel Odintsov
 
PPTX
DeiC DDoS Prevention System - DDPS
Pavel Odintsov
 
PDF
Lekker weer nlnog_nlnog_ddos_fl
Pavel Odintsov
 
PDF
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Pavel Odintsov
 
PDF
Implementing BGP Flowspec at IP transit network
Pavel Odintsov
 
PDF
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Pavel Odintsov
 
PDF
Protect your edge BGP security made simple
Pavel Odintsov
 
PDF
Keeping your rack cool
Pavel Odintsov
 
PDF
Jon Nield FastNetMon
Pavel Odintsov
 
PDF
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Pavel Odintsov
 
PDF
Blackholing from a_providers_perspektive_theo_voss
Pavel Odintsov
 
PDF
SIG-NOC Tools Survey
Pavel Odintsov
 
PDF
DDoS detection at small ISP by Wardner Maia
Pavel Odintsov
 
BGP Flow Spec HKNOG 13
Pavel Odintsov
 
DDoS Challenges in IPv6 environment
Pavel Odintsov
 
Network telemetry for DDoS detection presentation
Pavel Odintsov
 
BGP FlowSpec experience and future developments
Pavel Odintsov
 
VietTel AntiDDoS Volume Based
Pavel Odintsov
 
DDoS Defense Mechanisms for IXP Infrastructures
Pavel Odintsov
 
Flowspec contre les attaques DDoS : l'expérience danoise
Pavel Odintsov
 
Detectando DDoS e intrusiones con RouterOS
Pavel Odintsov
 
DeiC DDoS Prevention System - DDPS
Pavel Odintsov
 
Lekker weer nlnog_nlnog_ddos_fl
Pavel Odintsov
 
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Pavel Odintsov
 
Implementing BGP Flowspec at IP transit network
Pavel Odintsov
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Pavel Odintsov
 
Protect your edge BGP security made simple
Pavel Odintsov
 
Keeping your rack cool
Pavel Odintsov
 
Jon Nield FastNetMon
Pavel Odintsov
 
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Pavel Odintsov
 
Blackholing from a_providers_perspektive_theo_voss
Pavel Odintsov
 
SIG-NOC Tools Survey
Pavel Odintsov
 
DDoS detection at small ISP by Wardner Maia
Pavel Odintsov
 

Recently uploaded (20)

PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Cloud computing and distributed systems.
kkkkkhan
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 

FastNetMon Advanced DDoS detection tool

  • 2. PROJECT HISTORY • 2013 Q2 project founded • 2013 Q3 mirror port support • 2014 Q2 sFlow support • 2014 Q3 Netflow 5, 9 support • 2015 Q1 IPFIX support • 2015 Q2 added to official FreeBSD ports • 2016 Q3 integration with A-10 Networks TPS • 2017 Q1 integration with Radware Defense Flow • 2018 Q1 FastNetMon joined to WorksOnARM.com
  • 3. KEY FEATURES • Supports all types of volumetric attacks • Does not require changes in your network • Complete automation • Lightning fast detection • Software only solution • BGP integration (BGP unicast and BGP flow spec) • Support almost all possible traffic capture engines
  • 4. KEY FEATURES FOR BUSINESS • Reduce cost for additional capacity • Reduce overall service downtime • Decrease number of incoming abuses • Additional service for customers to increase ARPU • Reduce cost for precise DDoS filtering hardware • Reduce cost for DDoS filtering clouds
  • 6. LIGHTNING FAST ATTACK DETECTION • 2 seconds with mirror • 2-3 seconds with sFlow • 10-30 seconds with NetFlow/IPFIX
  • 7. TRAFFIC CAPTURE BACKENDS • sFlow v5 (switches) • Netflow v5, v9 (including sampled version), v10 (IPFIX), jFlow, cFlow (routers) • SPAN/MIRROR (1GE, 10GE, 40GE) • Tera Flow (distributed monitoring protocol)
  • 8. SUPPORTED ATTACK TYPES • NTP, DNS, SNMP, SSDP amplification • TCP SYN/ACK/SYN-ACK floods • UDP floods • Multi vector attacks • Reflection attacks
  • 9. UNLIMITED SCALABILITY • sFlow v5 – 1.2 Tbps* • NetFlow – 2.2 Tbps* • Mirror/SPAN – 80 GE* • Distributed with Tera Flow - unlimited *all numbers for single physical server
  • 10. ACTIONS TRIGGERED FOR DETECTED ATTACK • E-mail notification • BGP Blackhole • BGP flow spec, RFC 5575 • Slack notification • API call • Web request • Script call
  • 11. EXTREMELY FAST DELIVERY • Works on any VM or physical server • Less then 15 minutes to install and configure FastNetMon on new server! • Network Engineer friendly CLI interface • Learn almost all configuration automatically!
  • 12. DETECTION LOGIC Two levels: • Threshold based (based on host’s smoothed traffic) • Hyper packet engine for deep flow / packet inspection using statistics approach • • • • •
  • 13. BETWEEN THE CLOUD AND NETWORK EQUIPMENT • You could use FastNetMon together with precise filtering hardware (A-10 Networks, Radware, Palo-Alto Networks) • You could use FastNetMon with your favourite DDoS filtering cloud • You could use FastNetMon to isolate attacked customer in special network using BGP or BGP or BGP Flow Spec redirect
  • 15. ATTACK AND TRAFFIC VISUALIZATION
  • 17. RICH ATTACK REPORTS IP: 10.10.10.221Attack type: syn_flood Initial attack power: 546475 packets per second Peak attack power: 546475 packets per second Attack direction: incoming Attack protocol: tcp Total incoming traffic: 245 mbps Total outgoing traffic: 0 mbps Total incoming pps: 99059 packets per second Total outgoing pps: 0 packets per second Total incoming flows: 98926 flows per second Total outgoing flows: 0 flows per second Average incoming traffic: 45 mbps Average outgoing traffic: 0 mbps Average incoming pps: 99059 packets per second Average outgoing pps: 0 packets per second Average incoming flows: 98926 flows per second Average outgoing flows: 0 flows per second Incoming ip fragmented traffic: 250 mbps Outgoing ip fragmented traffic: 0 mbps Incoming ip fragmented pps: 546475 packets per second Outgoing ip fragmented pps: 0 packets per second Incoming tcp traffic: 250 mbps Outgoing tcp traffic: 0 mbps Incoming tcp pps: 546475 packets per second Outgoing tcp pps: 0 packets per second Incoming syn tcp traffic: 250 mbps Outgoing syn tcp traffic: 0 mbps Incoming syn tcp pps: 546475 packets per second Outgoing syn tcp pps: 0 packets per second Incoming udp traffic: 0 mbps Outgoing udp traffic: 0 mbps Incoming udp pps: 0 packets per second Outgoing udp pps: 0 packets per second Incoming icmp traffic: 0 mbps Outgoing icmp traffic: 0 mbps
  • 19. DEVELOPER FRIENDLY • API for FastNetMon operations (using fcli) • MongoDB for configuration • JSON everywhere • API for traffic persistency • API for metrics