Analysis updated 2026-07-03
Monitor your network for DDoS attacks and receive email alerts within two seconds of an attack starting.
Automatically announce a victim IP address to BGP peers so upstream routers drop the attack traffic at the network edge.
Ingest NetFlow or sFlow data from existing routers and visualize per-IP traffic in Grafana dashboards.
Set per-IP thresholds for packets per second and trigger a custom mitigation script when a threshold is crossed.
| | pavel-odintsov/fastnetmon | facebookresearch/habitat-sim | antimicrox/antimicrox |
|---|---|---|---|
| Stars | 3,664 | 3,664 | 3,661 |
| Language | C++ | C++ | C++ |
| Setup difficulty | hard | hard | easy |
| Complexity | 4/5 | 5/5 | 2/5 |
| Audience | ops devops | researcher | general |
Figures from each repo's GitHub metadata at analysis time.
Requires router-side NetFlow or sFlow configuration pointing at the monitoring server. BGP mitigation also requires access to a BGP peering session.
FastNetMon is a network traffic monitoring tool that detects DDoS attacks within seconds. It watches the flow of traffic on a network and raises an alert or takes automated action when any single IP address sends or receives an unusually large volume of data. It is built in C++ and is developed by FastNetMon LTD, a UK company. This repository is the Community Edition, which is free and open source. A commercial Advanced edition with additional features is available separately.
The tool receives traffic information from the network in several standard formats: NetFlow (a protocol from Cisco routers), IPFIX, sFlow, or direct port mirroring, where a copy of every packet is sent to the monitoring server. Each format is a different way for routers and switches to report what traffic is passing through them. FastNetMon processes that information at high speed and compares it against configurable thresholds you set for packets per second, bytes per second, or flows per second.
When a threshold is crossed, the tool can take several actions: send you an email notification, run a custom script, or announce the affected IP address to your routers via BGP (a routing protocol) so the routers automatically stop forwarding traffic to that IP. This last option is a common way to drop a DDoS attack at the network edge. Detection happens within one to two seconds of the attack starting.
The tool integrates with standard monitoring and data infrastructure: Prometheus, Grafana, InfluxDB, Graphite, Kafka, Redis, ClickHouse, and MongoDB. Hardware vendor integrations for Juniper, A10 Networks, and MikroTik are included. IPv6 is fully supported. Installation packages are available for Linux, macOS via Homebrew, and FreeBSD.
A high-speed network monitoring tool that detects DDoS attacks within one to two seconds by watching traffic from routers and automatically sending alerts or announcing attacked IPs to BGP peers for instant blocking.
Mainly C++. The stack also includes NetFlow and sFlow.
Setup difficulty is rated hard, with roughly 1 day+ to a first successful run.
Mainly ops devops.
Verify against the repo before relying on details.