"What can we do? We can detect hosts in our networks sending or receiving large volumes of packets/bytes/flows per second. We can call an external script to notify you, switch off a server, or blackhole the client.
…
Why did we write this? Because we can't find any software for solving this problem in the open source world!
What is a "flow" in FastNetMon terms? It's one or multiple UDP, TCP, or ICMP connections with unique src IP, dst IP, src port, dst port, and protocol."
A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device. [...] for example, flow records include details such as IP addresses, packet and byte counts, timestamps, Type of Service (ToS), application ports, input and output interfaces, etc.
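The two definitions above (FastNetMon's 5-tuple "flow" and the per-host packets/bytes/flows-per-second thresholds the README describes) can be shown end to end over a handful of flow records. The following is an added example written for this thread, not FastNetMon's own code: it keys flows on (src IP, dst IP, src port, dst port, protocol), aggregates per monitored host and direction, and flags hosts above assumed thresholds. The monitored prefix, the thresholds, and the sample records are all constructed for illustration.

```python
"""Per-host volumetric detection over flow records (added example, not FastNetMon code)."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed: only hosts inside these prefixes are "ours" and can be acted on.
OUR_NETWORKS = [ip_network("10.0.0.0/24")]

# Assumed per-second thresholds; real values depend on the network.
THRESHOLDS = {"pps": 1000, "bps": 10_000_000, "flows": 200}

# Constructed 1-second sample: a UDP flood from 250 distinct sources towards
# 10.0.0.5:53, plus one ordinary HTTPS session from 10.0.0.7 reported twice.
# Record layout: (src, dst, sport, dport, proto, packets, bytes).
SAMPLE_RECORDS = [
    (f"198.51.100.{i}", "10.0.0.5", 40000 + i, 53, "udp", 5, 7000)
    for i in range(1, 251)
] + [
    ("10.0.0.7", "203.0.113.9", 51234, 443, "tcp", 50, 60000),
    ("10.0.0.7", "203.0.113.9", 51234, 443, "tcp", 50, 60000),
]


def _is_ours(ip):
    addr = ip_address(ip)
    return any(addr in net for net in OUR_NETWORKS)


def summarize(records, window_seconds):
    """Return {host: {"in"|"out": {"pps", "bps", "flows"}}} as per-second rates.

    A flow is one distinct (src, dst, sport, dport, proto) tuple inside the
    window, so two records for the same 5-tuple count as a single flow while
    their packet and byte counts are summed.
    """
    packets = defaultdict(int)
    nbytes = defaultdict(int)
    flows = defaultdict(set)
    for src, dst, sport, dport, proto, pkts, byts in records:
        key = (src, dst, sport, dport, proto)
        # A record contributes to the source's "out" and the destination's "in".
        for host, direction in ((src, "out"), (dst, "in")):
            if _is_ours(host):
                packets[(host, direction)] += pkts
                nbytes[(host, direction)] += byts
                flows[(host, direction)].add(key)
    stats = defaultdict(dict)
    for host, direction in packets:
        stats[host][direction] = {
            "pps": packets[(host, direction)] / window_seconds,
            "bps": nbytes[(host, direction)] * 8 / window_seconds,
            "flows": len(flows[(host, direction)]) / window_seconds,
        }
    return dict(stats)


def detect(stats, thresholds=THRESHOLDS):
    """Return [(host, direction, metric, value)] for every exceeded threshold."""
    alerts = []
    for host, dirs in stats.items():
        for direction, rates in dirs.items():
            for metric, limit in thresholds.items():
                if rates[metric] > limit:
                    alerts.append((host, direction, metric, rates[metric]))
    return alerts


def plan_actions(alerts):
    """One action per flagged host, e.g. the argument handed to a blackhole script."""
    return sorted({f"blackhole {host}" for host, _, _, _ in alerts})


if __name__ == "__main__":
    stats = summarize(SAMPLE_RECORDS, window_seconds=1)
    for alert in detect(stats):
        print("ALERT", alert)
    print(plan_actions(detect(stats)))
```

With the sample above, 10.0.0.5 trips all three inbound thresholds (1250 pps, 14 Mbit/s, 250 flows/s) while 10.0.0.7's duplicated record collapses to one flow and stays quiet; the flood's external sources are not in the monitored prefix, so they never become candidates for blackholing.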
Are there some good open source scrubbing center projects you might be able to recommend?
Also might you have any resources or links to how these scrubbing services are implemented, what heuristics they use etc?
I understand the front end of DDoS mitigation, i.e. NetFlow, BGP communities and RTBH, and GRE tunnels to the scrubbing centers. However, the details of how the scrubbing centers work are something of a mystery to me.
When looking at any of the big DDoS providers' literature, the scrubbing centers are mostly just opaque boxes with little documentation on how they actually work.
We have probably drifted from the topic. Feel free to raise a PR if you want to have DOTS in FastNetMon. We'll review it carefully, and if it fits our design guidance we will accept it.
What's generally the state of the art in open source home/small office network monitoring? I would like to know and query/audit the communication patterns of my devices, while maintaining privacy -> no cloud-based commercial products.
Thanks. Sounds pretty hard if you're not a networking expert and just have a cable modem plus Wi-Fi box. There's definitely a space for an easy-to-install solution here. Raspberry Pi-based, perhaps?