FastNetMon - 一個高性能的DoS/DDoS負載分析器

FastNetMon是一個高性能的DoS/DDoS負載分析器，構建在多個數據包捕獲引擎之上 (NetFlow, IPFIX, sFLOW, netmap, PF_RING, PCAP).

特性：

• Can process incoming and outgoing traffic
• Can trigger block script if certain IP loads network with a large amount of packets/bytes/flows per second
• Could announce blocked IPs to BGP router with ExaBGP
• Have integration with Graphite
• netmap support (open source; wire speed processing; only Intel hardware NICs or any hypervisor VM type)
• Supports L2TP decapsulation, VLAN untagging and MPLS processing in mirror mode
• Can work on server/soft-router
• Can detect DoS/DDoS in 1-2 seconds
• Tested up to 10GE with 12 Mpps on Intel i7 3820 with Intel NIC 82599
• Complete plugin support
• Have complete support for most popular attack types
</ul>

支持的平臺:

• Linux (Debian 6/7/8, CentOS 6/7, Ubuntu 12+)
• FreeBSD 9, 10, 11
• Mac OS X Yosemite

What is "flow" in FastNetMon terms? It's one or multiple udp, tcp, icmp connections with unique src IP, dst IP, src port, dst port and protocol.

Main program screen image:



Example for cpu load on Intel i7 2600 with Intel X540/82599 NIC on 400 kpps load:

Example deployment scheme:



項目主頁：http://www.baiduhome.net/lib/view/home/1431931079739