Releases: pavel-odintsov/fastnetmon
FastNetMon Community 1.1.8 Bournemouth
- Complete IPv6 support for mirror, Netflow and IPFIX modes
- Support for BGP communities for announces over GoBGP (recommended BGP daemon)
- Mikrotik plug-in upgrade to support latest RouterOS auth methods
- Switched to using own version of OpenSSL
- Added cap'n'p dependency for new traffic streaming logic
- Switch to custom compiler (GCC 9.3) for all platforms
- Switch to C++ 14
- Switched to custom version of MongoC
- Added command line flag documentation for build / install scripts
- Significant code refactoring and modularisation
- Added logic to track return code from notify script calls
- Preparation to CentOS 6 support deprecation (EOL since November 30th, 2020)
FastNetMon Community 1.1.7 Crawley
- Completely new Netflow and IPFIX plugin which significantly improves performance, compatibility and security of protocol support
- Added support for sampled Netflow v9
- Completely new sFlow v5 plugin which significantly improves performance, compatibility and security of protocol support
- Completely new packet parser
- Deprecated sFlow v4
- Switched to C++ 11 on all platforms
- Made option to read list of networks from OpenVZ configurable and disabled it by default
FastNetMon Community 1.1.6 Folkestone
Changes:
- Native GoBGP support for BGP v4 Unicast
- gRPC based API support
- Command line client (fastnetmon_api_client) with options to block, unblock and list blocked hosts
- Enabled flow counters by default due to popularity
- CentOS 8 / RHEL 8 support
- Ubuntu 20.04 support
- Added CircleCI support and automatic night builds for binary packages
- Extracted build system from install script into fastnetmon_build.pl
- Binary packages (include GoBGP) for all leading Linux distributions
- Added support for artificial sampling rate in AF_PACKET mode
- Added option to control fanout mode in AF_PACKET
- Implemented dynamic feature detection for atomics and AF_PACKET
- Migration to C++ 11 capable compilers for all platform (CentOS 6 uses custom gcc 9.x compiler)
FastNetMon Community 1.1.5 Aberdeen
Changes:
- Updated json-c library to support modern compilers
- Disabled PF_RING by default, we suggest using AF_PACKET for mirror capture
- Disabled LUA Jit support due to very low demand
- Added support for multiple interfaces in AF_PACKET mode
- Disabled fixed CPU allocation for AF_PACKET to improve scalability
- Fixed bytes per second to mbits conversion to correct formula
- Updated Netmap API headers from version 11 to 14
FastNetMon 1.1.4 Inverness
Changes:
- Improved compatibility with new version of nDPI
- Improved integration with A-10 Networks with plugin
- Suppressed excessive logging about missing IPFIX options
- Improved configuration file parser
- Added option to specify custom file path to log file
- Added txt extension for attack dumps
- Switched Mikrotik integration code to well known Blackhole community number according to RFC7999
- Added support for Ubuntu 18.04
- Improved systemd unit to restart FastNetMon in case of crash
- Added notification about attacks in Mikrotik's global log file
- Fixed bug for IPv6 traffic direction detection code
- Added Debian 9 support
- Added Ubuntu 16.04 support
- Introduced option --use-modern-pf-ring to install latest PF_RING
- Removed code which uses x86 only features to improve portability
- FastNetMon will not not export empty metrics to Graphite
- Introduced cmake option to disable Netmap plugin completely
- Added ifconfig to dependencies for CentOS 7
- Added support for Memory Model Aware Atomic Operations to improve portability
- Added support for OpenBSD
- Disabled non-protable CPU affinity code for non-GNU libc platforms
- Added Juniper integration plugin
- Fixed insecure permissions for /tmp/fastnetmon.dat
- Fixed build process for json-c on systems with fresh gcc
FastNetMon 1.1.3
Hello, Dear customers!
I'm happy to announce new stable FastNetMon release!
We have a lot of changes here:
- Host groups support, custom thresholds for certain hosts: ca6112b
- AF_PACKET support: 96510ab
- Fix descriptor leak in Graphite integration code: 1c79f81
- Add support for cropped packets produced by Juniper in cropped mirror mode: 8ec3fe8
- Per protocol DDoS attack thresholds: 72e65b6
- Add support for multiple instances of FNM on same server: 3538ca9
- Add Redis support by default
- Add Sflow v4 support for old devices
- MongoDB support: ed13605
FastNetMon 1.1.2 - Everglades
Performance optimization. Add debug tools for netflow and pcap. Fix compatibility issues with FreeBSD and Mac OS X. Add subnet which attacked IP belongs to.
We have spent about 10 months for development of FastNetMon and could
present huge feature list now! :)
Stop! What is FastNetMon?
It's really very fast toolkit which could find attacked host in your
network and block it (or redirect to filtering appliance)
This solution could save your network and your sleep :)
Our site located here: https://fastnetmon.com
We support following engines for traffic capture:
- Netflow (v5, v9 and IPFIX)
- sFLOW v5
- port mirror/SPAN (PF_RING and netmap supported)
Also we have deep integration with ExaBGP (huge thanks to Thomas
Mangin) for triggering blackhole on the Core Router or upstream.
Since 1.0 version we have added support for following features:
- Ability to detect most popular attack types: syn_flood, icmp_flood,
udp_flood, ip_fragmentation_flood - Add support for Netmap for Linux (we have prepared special driver
for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
and FreeBSD. - Add support for PF_RING ZC (very fast but need license from ntop folks)
- Add ability to collect netflow v9/IPFIX data from multiple devices
with different templates set - Basic support for IPv6 (we could receive netflow data over IPv6)
- Add plugin support for capture engines
- Add support of L2TP decapsulation (important for DDoS attack
detection inside tunnel) - Add ability to store attack details in Redis
- Add Graphite/Grafana integration for traffic visualization
- Add systemd unit file
- Add ability to unblock host after some timeout
- Introduce support of moving average for all counters
- Add ExaBGP integration. We could announce attacked host with BGP to
border router or uplink - Add so much details in attack report
- Add ability to store attack fingerprint in file
We have complete support for following platforms:
- Fedora 21
- Debian 6, 7, 8
- CentOS 6, 7
- FreeBSD 9, 10, 11
- DragonflyBSD 4
- MacOS X 10.10
From network equipment side we have tested solution with:
- Cisco ASR
- Juniper MX
- Extreme Summit
- ipt_NETFLOW Linux
For any other operation systems we recommend automatic installer
script: https://github.com/pavel-odintsov/fastnetmon/blob/master/docs/INSTALL.md
Please join to our mail list or ask about anything here
https://groups.google.com/forum/#!forum/fastnetmon
Known bugs:
FastNetMon 1.1.1
Stable Netmap, PF_RING, sFLOW, NetFlow and IPFIX support. Support for Linux, FreeBSD and Mac OS X.
FastNetMon 1.1.0
Stable Netmap, PF_RING, sFLOW, NetFlow and IPFIX support.
FastNetMon 1.0.0
Version with PF_RING packet parser. I recommends this release for production use