The net/fastnetmon port

fastnetmon-1.1.7p2 – DDoS detector with multiple packet capture engines

Description

FastNetMon is a very high performance DDoS detector built on top of
multiple packet capture engines: NetFlow, IPFIX, sFlow.

It can detect malicious traffic in your network and immediately block
it with BGP blackhole or BGP flow spec rules.

It has solid support for all top network vendors and has unlimited
scalability due to its flexible design.
WWW: https://fastnetmon.com/guides/

Readme

+-----------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-----------------------------------------------------------------------

NetFlow input from pf
---------------------
By default FastNetMon listens on port 2055 for incoming NetFlow data. This can
be obtained from pflow(4). Minimal pf.conf addition to export all states through
pflow(4):

	set state-defaults pflow

And create a pflow0 with:

	# ifconfig pflow0 flowsrc 127.0.0.1 flowdst 127.0.0.1:2055

The default protocol version (5) works fine with FastNetMon.

Configuration
-------------
At the very minimum the known networks need to be recorded in
${SYSCONFDIR}/fastnetmon/networks_list in CIDR notation, otherwise all traffic
is classified as "other traffic".

A notification script also needs to be configured and installed to actually
perform a ban. A stub is provided in
${PREFIX}/share/examples/fastnetmon/notify_about_attack.sh
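The two sections above describe one setup procedure: export pf states through
pflow(4) to port 2055, then list the known networks in CIDR notation. The
POSIX sh script below is an added example, not part of the port or of
FastNetMon itself. It validates a networks_list file before FastNetMon reads
it (the README notes that traffic not matched by a listed network is classified
as "other traffic", so a malformed entry is worth catching before deployment)
and prints the /etc/hostname.pflow0 line equivalent to the README's ifconfig
command (see pflow(4) and hostname.if(5)). The checker accepts IPv4 CIDR only;
its tolerance of blank and `#` comment lines is a convenience of this example,
not a documented feature of FastNetMon's parser.

```shell
#!/bin/sh
# Added example (not FastNetMon or port code): sanity-check a FastNetMon
# networks_list and emit the OpenBSD pflow0 boot configuration.

# Return 0 if $1 is an IPv4 CIDR such as 192.0.2.0/24, otherwise 1.
is_ipv4_cidr() {
    cidr=$1
    case "$cidr" in
        */*) ;;
        *) return 1 ;;            # no prefix length at all
    esac
    addr=${cidr%/*}
    plen=${cidr#*/}
    case "$plen" in
        ''|*[!0-9]*) return 1 ;;  # prefix length must be a number
    esac
    [ "$plen" -le 32 ] || return 1
    # Split on dots: exactly four octets, each in 0..255.
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if every entry in file $1 is a valid IPv4 CIDR; otherwise report
# each bad line on stderr and return 1. Blank lines and '#' comments are
# skipped here as an assumption of this example, not a FastNetMon feature.
check_networks_list() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        [ -n "$entry" ] || continue
        if ! is_ipv4_cidr "$entry"; then
            printf 'networks_list: invalid entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Print the /etc/hostname.pflow0 content matching the README's ifconfig line:
#   ifconfig pflow0 flowsrc 127.0.0.1 flowdst 127.0.0.1:2055
# Arguments: flowsrc, flowdst host, flowdst port (defaults from the README).
pflow_hostname_conf() {
    printf 'flowsrc %s flowdst %s:%s\n' \
        "${1:-127.0.0.1}" "${2:-127.0.0.1}" "${3:-2055}"
}

# Usage: sh check_networks.sh /etc/fastnetmon/networks_list
if [ $# -gt 0 ]; then
    check_networks_list "$1" && echo "networks_list OK"
    pflow_hostname_conf
fi
```

Run it against the real file before restarting fastnetmon; a non-zero exit
means at least one entry will not be parsed as a CIDR network. The printed
line can be placed in /etc/hostname.pflow0 so the collector interface survives
a reboot instead of depending on a one-off ifconfig invocation.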

Maintainer

The OpenBSD ports mailing-list

Only for arches

aarch64 alpha amd64 arm hppa i386 mips64 mips64el powerpc powerpc64 riscv64 sh sparc64

Categories

net security
