SlideShare a Scribd company logo

FastNetMon Advanced DDoS detection tool

Download as PPTX, PDF
Pavel Odintsov
Pavel Odintsov

Slides about DDoS detection tool. IPFIX, sFlow, Netflow support. Instant detection. Complete API and command line tools. Free trial: https://fastnetmon.com/trial/

Technology
1 of 22
https://FastNetMon.com
PROJECT HISTORY • 2013 Q2 project founded • 2013 Q3 mirror port support • 2014 Q2 sFlow support • 2014 Q3 Netflow 5, 9 support • 2015 Q1 IPFIX support • 2015 Q2 added to official FreeBSD ports • 2016 Q3 integration with A-10 Networks TPS • 2017 Q1 integration with Radware Defense Flow • 2018 Q1 FastNetMon joined to WorksOnARM.com
KEY FEATURES • Supports all types of volumetric attacks • Does not require changes in your network • Complete automation • Lightning fast detection • Software only solution • BGP integration (BGP unicast and BGP flow spec) • Support almost all possible traffic capture engines
KEY FEATURES FOR BUSINESS • Reduce cost for additional capacity • Reduce overall service downtime • Decrease number of incoming abuses • Additional service for customers to increase ARPU • Reduce cost for precise DDoS filtering hardware • Reduce cost for DDoS filtering clouds
SUPPORTED VENDORS
LIGHTNING FAST ATTACK DETECTION • 2 seconds with mirror • 2-3 seconds with sFlow • 10-30 seconds with NetFlow/IPFIX
TRAFFIC CAPTURE BACKENDS • sFlow v5 (switches) • Netflow v5, v9 (including sampled version), v10 (IPFIX), jFlow, cFlow (routers) • SPAN/MIRROR (1GE, 10GE, 40GE) • Tera Flow (distributed monitoring protocol)
SUPPORTED ATTACK TYPES • NTP, DNS, SNMP, SSDP amplification • TCP SYN/ACK/SYN-ACK floods • UDP floods • Multi vector attacks • Reflection attacks
UNLIMITED SCALABILITY • sFlow v5 – 1.2 Tbps* • NetFlow – 2.2 Tbps* • Mirror/SPAN – 80 GE* • Distributed with Tera Flow - unlimited *all numbers for single physical server
ACTIONS TRIGGERED FOR DETECTED ATTACK • E-mail notification • BGP Blackhole • BGP flow spec, RFC 5575 • Slack notification • API call • Web request • Script call
EXTREMELY FAST DELIVERY • Works on any VM or physical server • Less then 15 minutes to install and configure FastNetMon on new server! • Network Engineer friendly CLI interface • Learn almost all configuration automatically!
DETECTION LOGIC Two levels: • Threshold based (based on host’s smoothed traffic) • Hyper packet engine for deep flow / packet inspection using statistics approach • • • • •
BETWEEN THE CLOUD AND NETWORK EQUIPMENT • You could use FastNetMon together with precise filtering hardware (A-10 Networks, Radware, Palo-Alto Networks) • You could use FastNetMon with your favourite DDoS filtering cloud • You could use FastNetMon to isolate attacked customer in special network using BGP or BGP or BGP Flow Spec redirect
FRIENDLY COMMAND LINE INTERFACE
ATTACK AND TRAFFIC VISUALIZATION
ATTACK NOTIFICATIONS
RICH ATTACK REPORTS IP: 10.10.10.221Attack type: syn_flood Initial attack power: 546475 packets per second Peak attack power: 546475 packets per second Attack direction: incoming Attack protocol: tcp Total incoming traffic: 245 mbps Total outgoing traffic: 0 mbps Total incoming pps: 99059 packets per second Total outgoing pps: 0 packets per second Total incoming flows: 98926 flows per second Total outgoing flows: 0 flows per second Average incoming traffic: 45 mbps Average outgoing traffic: 0 mbps Average incoming pps: 99059 packets per second Average outgoing pps: 0 packets per second Average incoming flows: 98926 flows per second Average outgoing flows: 0 flows per second Incoming ip fragmented traffic: 250 mbps Outgoing ip fragmented traffic: 0 mbps Incoming ip fragmented pps: 546475 packets per second Outgoing ip fragmented pps: 0 packets per second Incoming tcp traffic: 250 mbps Outgoing tcp traffic: 0 mbps Incoming tcp pps: 546475 packets per second Outgoing tcp pps: 0 packets per second Incoming syn tcp traffic: 250 mbps Outgoing syn tcp traffic: 0 mbps Incoming syn tcp pps: 546475 packets per second Outgoing syn tcp pps: 0 packets per second Incoming udp traffic: 0 mbps Outgoing udp traffic: 0 mbps Incoming udp pps: 0 packets per second Outgoing udp pps: 0 packets per second Incoming icmp traffic: 0 mbps Outgoing icmp traffic: 0 mbps
DISTRIBUTED SETUP WITH TERA FLOW
DEVELOPER FRIENDLY • API for FastNetMon operations (using fcli) • MongoDB for configuration • JSON everywhere • API for traffic persistency • API for metrics
TRAFFIC PERSISTENCY
ASN REPORTS
Thank you! sales@fastnetmon.com

Recommended

FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
9534715
95347159534715
9534715Pavel Odintsov
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
BGP Update Source
BGP Update Source BGP Update Source
BGP Update Source NetProtocol Xpert
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecОбеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecCisco Russia
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 

Recommended

FastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationFastNetMon - ENOG9 speech about DDoS mitigation
FastNetMon - ENOG9 speech about DDoS mitigationPavel Odintsov
 
9534715
95347159534715
9534715Pavel Odintsov
 
DDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesDDoS Mitigation Tools and Techniques
DDoS Mitigation Tools and TechniquesBabak Farrokhi
 
BGP Update Source
BGP Update Source BGP Update Source
BGP Update Source NetProtocol Xpert
 
BGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsBGP FlowSpec experience and future developments
BGP FlowSpec experience and future developmentsPavel Odintsov
 
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecОбеспечение безопасности сети оператора связи с помощью BGP FlowSpec
Обеспечение безопасности сети оператора связи с помощью BGP FlowSpecCisco Russia
 
GoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdGoBGP : yet another OSS BGPd
GoBGP : yet another OSS BGPdPavel Odintsov
 
Ripe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationRipe71 FastNetMon open source DoS / DDoS mitigation
Ripe71 FastNetMon open source DoS / DDoS mitigationPavel Odintsov
 
BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionAPNIC
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedPavel Odintsov
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
TRex Realistic Traffic Generator - Stateless support
TRex Realistic Traffic Generator - Stateless support TRex Realistic Traffic Generator - Stateless support
TRex Realistic Traffic Generator - Stateless support Hanoch Haim
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)Mostafa El Lathy
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
EVPN Introduction
EVPN IntroductionEVPN Introduction
EVPN IntroductionBangladesh Network Operators Group
 
How BGP Works
How BGP WorksHow BGP Works
How BGP WorksThousandEyes
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceBertrand Duvivier
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Large BGP Communities
Large BGP CommunitiesLarge BGP Communities
Large BGP CommunitiesAPNIC
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-reviewRayan Darine
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlanSuraj Deshmukh
 
17 palo alto threat prevention concept
17 palo alto threat prevention concept17 palo alto threat prevention concept
17 palo alto threat prevention conceptMostafa El Lathy
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Access Network Evolution
Access Network Evolution Access Network Evolution
Access Network Evolution Cisco Canada
 
DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
Integrating Unified Communications and Collaboration on an Aruba Access Network
Integrating Unified Communications and Collaboration on an Aruba Access NetworkIntegrating Unified Communications and Collaboration on an Aruba Access Network
Integrating Unified Communications and Collaboration on an Aruba Access NetworkAruba, a Hewlett Packard Enterprise company
 

More Related Content

What's hot

BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionAPNIC
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedPavel Odintsov
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec APNIC
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkPavel Odintsov
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Pavel Odintsov
 
TRex Realistic Traffic Generator - Stateless support
TRex Realistic Traffic Generator - Stateless support TRex Realistic Traffic Generator - Stateless support
TRex Realistic Traffic Generator - Stateless support Hanoch Haim
 
Segment Routing
Segment RoutingSegment Routing
Segment RoutingAPNIC
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)Mostafa El Lathy
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchTe-Yen Liu
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceBertrand Duvivier
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Pavel Odintsov
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Large BGP Communities
Large BGP CommunitiesLarge BGP Communities
Large BGP CommunitiesAPNIC
 
17 palo alto threat prevention concept
17 palo alto threat prevention concept17 palo alto threat prevention concept
17 palo alto threat prevention conceptMostafa El Lathy
 
Access Network Evolution
Access Network Evolution Access Network Evolution
Access Network Evolution Cisco Canada
 

What's hot (20)

BGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and DiscussionBGP Flowspec (RFC5575) Case study and Discussion
BGP Flowspec (RFC5575) Case study and Discussion
 
VietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume BasedVietTel AntiDDoS Volume Based
VietTel AntiDDoS Volume Based
 
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
 
Implementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit networkImplementing BGP Flowspec at IP transit network
Implementing BGP Flowspec at IP transit network
 
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
Ultra fast DDoS Detection with FastNetMon at Coloclue (AS 8283)
 
TRex Realistic Traffic Generator - Stateless support
TRex Realistic Traffic Generator - Stateless support TRex Realistic Traffic Generator - Stateless support
TRex Realistic Traffic Generator - Stateless support
 
Segment Routing
Segment RoutingSegment Routing
Segment Routing
 
2 what is the best firewall (sizing)
2 what is the best firewall (sizing)2 what is the best firewall (sizing)
2 what is the best firewall (sizing)
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
EVPN Introduction
EVPN IntroductionEVPN Introduction
EVPN Introduction
 
How BGP Works
How BGP WorksHow BGP Works
How BGP Works
 
Cisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advanceCisco Live Milan 2015 - BGP advance
Cisco Live Milan 2015 - BGP advance
 
Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points Using MikroTik routers for BGP transit and IX points
Using MikroTik routers for BGP transit and IX points
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overview
 
Large BGP Communities
Large BGP CommunitiesLarge BGP Communities
Large BGP Communities
 
Palo alto-review
Palo alto-reviewPalo alto-review
Palo alto-review
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
 
17 palo alto threat prevention concept
17 palo alto threat prevention concept17 palo alto threat prevention concept
17 palo alto threat prevention concept
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotik
 
Access Network Evolution
Access Network Evolution Access Network Evolution
Access Network Evolution
 

Similar to FastNetMon Advanced DDoS detection tool

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeMyNOG
 
Integrating Unified Communications and Collaboration on an Aruba Access Network
Integrating Unified Communications and Collaboration on an Aruba Access NetworkIntegrating Unified Communications and Collaboration on an Aruba Access Network
Integrating Unified Communications and Collaboration on an Aruba Access NetworkAruba, a Hewlett Packard Enterprise company
 
Continuum pcap-oem
Continuum pcap-oemContinuum pcap-oem
Continuum pcap-oemblabadini
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationWilson Rogerio Lopes
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsNetronome
 
Detecting Spoofing at IXPs
Detecting Spoofing at IXPsDetecting Spoofing at IXPs
Detecting Spoofing at IXPsAPNIC
 
Detecting spoofing at IxP's
Detecting spoofing at IxP'sDetecting spoofing at IxP's
Detecting spoofing at IxP'sTom Paseka
 
IPVS for Docker Containers
IPVS for Docker ContainersIPVS for Docker Containers
IPVS for Docker ContainersBob Sokol
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker ContainersAndrey Sibirev
 
DDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet FilteringDDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet FilteringQrator Labs
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginEC-Council
 
FastNetMon and Metrics
FastNetMon and MetricsFastNetMon and Metrics
FastNetMon and MetricsAltinity Ltd
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and moreInternet Society
 
Netflix Open Connect: Delivering Internet TV to the world
Netflix Open Connect: Delivering Internet TV to the worldNetflix Open Connect: Delivering Internet TV to the world
Netflix Open Connect: Delivering Internet TV to the worldInternet Society
 
TRex Traffic Generator - Hanoch Haim
TRex Traffic Generator - Hanoch HaimTRex Traffic Generator - Hanoch Haim
TRex Traffic Generator - Hanoch Haimharryvanhaaren
 
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPROIDEA
 
Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m Agus Awaludin
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldTom Paseka
 

Similar to FastNetMon Advanced DDoS detection tool (20)

DDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL LeeDDOS Mitigation Experience from IP ServerOne by CL Lee
DDOS Mitigation Experience from IP ServerOne by CL Lee
 
Integrating Unified Communications and Collaboration on an Aruba Access Network
Integrating Unified Communications and Collaboration on an Aruba Access NetworkIntegrating Unified Communications and Collaboration on an Aruba Access Network
Integrating Unified Communications and Collaboration on an Aruba Access Network
 
Continuum pcap-oem
Continuum pcap-oemContinuum pcap-oem
Continuum pcap-oem
 
Accelerated SDN in Azure
Accelerated SDN in AzureAccelerated SDN in Azure
Accelerated SDN in Azure
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
Leveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV DeploymentsLeveraging Network Offload to Accelerate SDN and NFV Deployments
Leveraging Network Offload to Accelerate SDN and NFV Deployments
 
Detecting Spoofing at IXPs
Detecting Spoofing at IXPsDetecting Spoofing at IXPs
Detecting Spoofing at IXPs
 
Detecting spoofing at IxP's
Detecting spoofing at IxP'sDetecting spoofing at IxP's
Detecting spoofing at IxP's
 
IPVS for Docker Containers
IPVS for Docker ContainersIPVS for Docker Containers
IPVS for Docker Containers
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker Containers
 
DDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet FilteringDDoS Attacks in 2017: Beyond Packet Filtering
DDoS Attacks in 2017: Beyond Packet Filtering
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
Exploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul CogginExploiting First Hop Protocols to Own the Network - Paul Coggin
Exploiting First Hop Protocols to Own the Network - Paul Coggin
 
FastNetMon and Metrics
FastNetMon and MetricsFastNetMon and Metrics
FastNetMon and Metrics
 
DDos, Peering, Automation and more
DDos, Peering, Automation and moreDDos, Peering, Automation and more
DDos, Peering, Automation and more
 
Netflix Open Connect: Delivering Internet TV to the world
Netflix Open Connect: Delivering Internet TV to the worldNetflix Open Connect: Delivering Internet TV to the world
Netflix Open Connect: Delivering Internet TV to the world
 
TRex Traffic Generator - Hanoch Haim
TRex Traffic Generator - Hanoch HaimTRex Traffic Generator - Hanoch Haim
TRex Traffic Generator - Hanoch Haim
 
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek JanikPLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
PLNOG14: Czy można żyć bez systemu ochrony przed atakami DDoS - Marek Janik
 
Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m Dccp evaluation for sip signaling ict4 m
Dccp evaluation for sip signaling ict4 m
 
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 WorldHKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
 

More from Pavel Odintsov

DDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentDDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentPavel Odintsov
 
Network telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentationNetwork telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentationPavel Odintsov
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresPavel Odintsov
 
Flowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoiseFlowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoisePavel Odintsov
 
Detectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOSDetectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOSPavel Odintsov
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSPavel Odintsov
 
Lekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flLekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flPavel Odintsov
 
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersLekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersPavel Odintsov
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiPavel Odintsov
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simplePavel Odintsov
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool Pavel Odintsov
 
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaDetecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaPavel Odintsov
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossPavel Odintsov
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaPavel Odintsov
 
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationDistributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationPavel Odintsov
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonPavel Odintsov
 
Containers in real world презентация
Containers in real world презентацияContainers in real world презентация
Containers in real world презентацияPavel Odintsov
 

More from Pavel Odintsov (20)

DDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environmentDDoS Challenges in IPv6 environment
DDoS Challenges in IPv6 environment
 
Network telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentationNetwork telemetry for DDoS detection presentation
Network telemetry for DDoS detection presentation
 
DDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP InfrastructuresDDoS Defense Mechanisms for IXP Infrastructures
DDoS Defense Mechanisms for IXP Infrastructures
 
Flowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoiseFlowspec contre les attaques DDoS : l'expérience danoise
Flowspec contre les attaques DDoS : l'expérience danoise
 
Detectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOSDetectando DDoS e intrusiones con RouterOS
Detectando DDoS e intrusiones con RouterOS
 
DeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPSDeiC DDoS Prevention System - DDPS
DeiC DDoS Prevention System - DDPS
 
Lekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_flLekker weer nlnog_nlnog_ddos_fl
Lekker weer nlnog_nlnog_ddos_fl
 
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routersLekker weer nlnog_how_to_avoid_buying_expensive_routers
Lekker weer nlnog_how_to_avoid_buying_expensive_routers
 
Janog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka IshizakiJanog 39: speech about FastNetMon by Yutaka Ishizaki
Janog 39: speech about FastNetMon by Yutaka Ishizaki
 
Protect your edge BGP security made simple
Protect your edge BGP security made simpleProtect your edge BGP security made simple
Protect your edge BGP security made simple
 
Keeping your rack cool
Keeping your rack cool Keeping your rack cool
Keeping your rack cool
 
Jon Nield FastNetMon
Jon Nield FastNetMonJon Nield FastNetMon
Jon Nield FastNetMon
 
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De LucaDetecting and mitigating DDoS ZenDesk by Vicente De Luca
Detecting and mitigating DDoS ZenDesk by Vicente De Luca
 
Blackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_vossBlackholing from a_providers_perspektive_theo_voss
Blackholing from a_providers_perspektive_theo_voss
 
SIG-NOC Tools Survey
SIG-NOC Tools SurveySIG-NOC Tools Survey
SIG-NOC Tools Survey
 
DDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner MaiaDDoS detection at small ISP by Wardner Maia
DDoS detection at small ISP by Wardner Maia
 
Distributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And MitigationDistributed Denial of Service Attack - Detection And Mitigation
Distributed Denial of Service Attack - Detection And Mitigation
 
Nanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmonNanog66 vicente de luca fast netmon
Nanog66 vicente de luca fast netmon
 
03 estrategia-ddos
03 estrategia-ddos03 estrategia-ddos
03 estrategia-ddos
 
Containers in real world презентация
Containers in real world презентацияContainers in real world презентация
Containers in real world презентация
 

Recently uploaded

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

FastNetMon Advanced DDoS detection tool

  • 2. PROJECT HISTORY • 2013 Q2 project founded • 2013 Q3 mirror port support • 2014 Q2 sFlow support • 2014 Q3 Netflow 5, 9 support • 2015 Q1 IPFIX support • 2015 Q2 added to official FreeBSD ports • 2016 Q3 integration with A-10 Networks TPS • 2017 Q1 integration with Radware Defense Flow • 2018 Q1 FastNetMon joined to WorksOnARM.com
  • 3. KEY FEATURES • Supports all types of volumetric attacks • Does not require changes in your network • Complete automation • Lightning fast detection • Software only solution • BGP integration (BGP unicast and BGP flow spec) • Support almost all possible traffic capture engines
  • 4. KEY FEATURES FOR BUSINESS • Reduce cost for additional capacity • Reduce overall service downtime • Decrease number of incoming abuses • Additional service for customers to increase ARPU • Reduce cost for precise DDoS filtering hardware • Reduce cost for DDoS filtering clouds
  • 6. LIGHTNING FAST ATTACK DETECTION • 2 seconds with mirror • 2-3 seconds with sFlow • 10-30 seconds with NetFlow/IPFIX
  • 7. TRAFFIC CAPTURE BACKENDS • sFlow v5 (switches) • Netflow v5, v9 (including sampled version), v10 (IPFIX), jFlow, cFlow (routers) • SPAN/MIRROR (1GE, 10GE, 40GE) • Tera Flow (distributed monitoring protocol)
  • 8. SUPPORTED ATTACK TYPES • NTP, DNS, SNMP, SSDP amplification • TCP SYN/ACK/SYN-ACK floods • UDP floods • Multi vector attacks • Reflection attacks
  • 9. UNLIMITED SCALABILITY • sFlow v5 – 1.2 Tbps* • NetFlow – 2.2 Tbps* • Mirror/SPAN – 80 GE* • Distributed with Tera Flow - unlimited *all numbers for single physical server
  • 10. ACTIONS TRIGGERED FOR DETECTED ATTACK • E-mail notification • BGP Blackhole • BGP flow spec, RFC 5575 • Slack notification • API call • Web request • Script call
  • 11. EXTREMELY FAST DELIVERY • Works on any VM or physical server • Less then 15 minutes to install and configure FastNetMon on new server! • Network Engineer friendly CLI interface • Learn almost all configuration automatically!
  • 12. DETECTION LOGIC Two levels: • Threshold based (based on host’s smoothed traffic) • Hyper packet engine for deep flow / packet inspection using statistics approach • • • • •
  • 13. BETWEEN THE CLOUD AND NETWORK EQUIPMENT • You could use FastNetMon together with precise filtering hardware (A-10 Networks, Radware, Palo-Alto Networks) • You could use FastNetMon with your favourite DDoS filtering cloud • You could use FastNetMon to isolate attacked customer in special network using BGP or BGP or BGP Flow Spec redirect
  • 15. ATTACK AND TRAFFIC VISUALIZATION
  • 17. RICH ATTACK REPORTS IP: 10.10.10.221Attack type: syn_flood Initial attack power: 546475 packets per second Peak attack power: 546475 packets per second Attack direction: incoming Attack protocol: tcp Total incoming traffic: 245 mbps Total outgoing traffic: 0 mbps Total incoming pps: 99059 packets per second Total outgoing pps: 0 packets per second Total incoming flows: 98926 flows per second Total outgoing flows: 0 flows per second Average incoming traffic: 45 mbps Average outgoing traffic: 0 mbps Average incoming pps: 99059 packets per second Average outgoing pps: 0 packets per second Average incoming flows: 98926 flows per second Average outgoing flows: 0 flows per second Incoming ip fragmented traffic: 250 mbps Outgoing ip fragmented traffic: 0 mbps Incoming ip fragmented pps: 546475 packets per second Outgoing ip fragmented pps: 0 packets per second Incoming tcp traffic: 250 mbps Outgoing tcp traffic: 0 mbps Incoming tcp pps: 546475 packets per second Outgoing tcp pps: 0 packets per second Incoming syn tcp traffic: 250 mbps Outgoing syn tcp traffic: 0 mbps Incoming syn tcp pps: 546475 packets per second Outgoing syn tcp pps: 0 packets per second Incoming udp traffic: 0 mbps Outgoing udp traffic: 0 mbps Incoming udp pps: 0 packets per second Outgoing udp pps: 0 packets per second Incoming icmp traffic: 0 mbps Outgoing icmp traffic: 0 mbps
  • 19. DEVELOPER FRIENDLY • API for FastNetMon operations (using fcli) • MongoDB for configuration • JSON everywhere • API for traffic persistency • API for metrics