Community Edition

It’s a high-performance DDoS detector/sensor built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow, AF_PACKET (port mirror).

What do we do?

We detect hosts in the deployed network sending or receiving large volumes of traffic, packets/bytes/flows per second and
perform a configurable action to handle that event. These configurable actions include notifying you, calling script or making BGP announcements.

Project

🌏️ Official site
🌟️ Author
📜️ Author LinkedIN

Legal

Author and legal owner: Pavel Odintsov

Installation

• Linux install instructions
• macOS install instructions
• FreeBSD port
• VyOS bundled support

Supported packet capture engines

• NetFlow v5, v9, v9 Lite
• IPFIX
• v5
• PCAP
• AF_PACKET (recommended)
• AF_XDP (XDP based capture)
• Netmap (deprecated, still supported only for FreeBSD)
• PF_RING / PF_RING ZC (deprecated, available only for CentOS 6 in 1.2.0)

Features

• Detects DoS/DDoS in as little as 1-2 seconds
• Scales up to terabits on single server (sFlow, Netflow, IPFIX) or to 40G + in mirror mode
• Trigger block/notify script if an IP exceeds defined thresholds for packets/bytes/flows per second
• Thresholds can be configured per-subnet basis with the hostgroups feature
• Email notifications about detected attack
• Complete IPv6 support
• Prometheus support: system metrics and total traffic counters
• Flow and packet export to Kafka in JSON and Protobuf format
• Announce blocked IPs via BGP to routers with ExaBGP or GoBGP (recommended)
• Full integration with Clickhouse InfluxDB and Graphite
• API
• Redis integration
• MongoDB protocol support compatible with native MongoDB and FerretDB
• VLAN untagging in mirror and sFlow modes
• Capture attack fingerprints in PCAP format

We track multiple platform and environment-specific metrics to understand ways how our product is being used and prioritise development accordingly.

Official support groups:

• Mailing list
• Slack
• IRC: #fastnetmon at irc.libera.chat:6697 (TLS) web client
• Telegram: fastnetmon
• Discord: fastnetmon

Follow us at social media:

• LinkedIn

Complete integration with the following vendors

• Juniper integration
• A10 Networks Thunder TPS Appliance integration
• MikroTik RouterOS

Screenshots

Command line interface

Standard Grafana dashboard

Example deployment scheme

CI build status

Upstream versions in different distributions