FastNetMon is a very high performance DDoS detector built on top of multiple packet capture engines: NetFlow, IPFIX, sFlow and SPAN/port mirror.
It could detect malicious traffic in your network and immediately block it with BGP blackhole or BGP flow spec rules.
It has solid support for all top network vendors and has unlimited scalability due to flexible design.
You could integrate FastNetMon into any existing network without any changes and additional hardware!
Based on our record, OPNsense seems to be a lot more popular than FastNetMon. While we know about 94 links to OPNsense, we've tracked only 3 mentions of FastNetMon. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
If you have a BGP peering with you ISP/upstream provider, ask them if they have a blackhole community you can broadcast to. Usually they are ASN:666. The only downside is you would only be able to advertise your IP address to that, essentially killing your internet (if that's your only IP) as long as the block is up. We usually set our filter to 15 minutes and most attackers give up after that. At this level, you... Source: 11 months ago
Have you looked at fastnetmon ? It's freemium and It looks like the commercial version would work you, but I think the community edition is aslo worth a look. It's primary function is to detect DDOS attacks, but it can export data in ways that might be useful to you. Source: almost 2 years ago
To mitigate DoS attacks means you need information - preferably before the users start screaming. Running sampling on your edge router with something like Fastnetmon will give you alerting of a probable DDoS attack before it becomes a significant problem. Source: over 2 years ago
Firmware's like Asuswrt-Merlin or OpenWRT can support dynamic-dns, or you can do like I do and run something like OPNsense in an x86 VM with a NIC passed through, or buy an inexpensive firewall appliance (up to 500mbps/1gbps/10gbps). Source: 5 months ago
The easiest solution is to buy your own router, set it up, disable the router functionality on the Fritzbox 7590 and plug your router into it. It'll be cheaper and easier than a Cisco Firewall, but if you want to go the dedicated firewall route then I would recommenced OPNsense. Source: 5 months ago
BSDs may not have a significant presence on desktops, but they're well known in the networking world for their reliability. They also were the foundation used to build OSes for specific applications. OpnSense and XigmaNAS, for example, are two excellent FreeBSD based applications aimed at firewalling/security and NAS/services. https://opnsense.org/ https://xigmanas.com/xnaswp/. - Source: Hacker News / 10 months ago
For switches? OpenWrt supports a few models toward the lower end, and SONiC support a bunch at the higher-end datacenter ToR market, but none of these options are SME production-ready like Linux servers or OPNsense firewalls. Source: 11 months ago
That’s a stupid policy, and it looks like one of my UDMs is defective. I’m an idiot for not just buying good quality open boxes and putting https://opnsense.org/ on them. 🤦🏻♂️. Source: 11 months ago
Andrisoft WanGuard - DDoS protection software solution for networks. Attacks detected by NetFlow,NetStream,sFlow,jFlow,IPFIX,Port Mirroring and mitigated with firewall filters
pfSense - pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more
NetVizura NetFlow Analyzer - NetFlow Analyzer is a solution for bandwidth monitoring and traffic analysis. It helps with traffic investigation, analysis and reporting
MikroTik RouterOS - The main product of MikroTik is a Linux-based operating system known as MikroTik RouterOS.
Arbor - Easily manage product development
OpenWrt - OpenWrt is an open-source firmware based on Linux for wireless routers