DDoS monitoring and prevention

Question

DDoS monitoring and prevention

I want to monitor my anti-DDoS network and found that someone found a snapshot of the DDoS monitoring screen. Can anyone tell me which software this is after seeing the snapshot.

enter image description here

+3

ddos monitoring alert nms

User4283 03 Apr At 16:53

source to share

2 answers

Definitely a screenshot from Arbor Peakflow. Great product, but the eye is very expensive.

0

discoape 11 Apr 17 at 19:52

source to share

Adam Fili · Accepted Answer · 2012-05-22T21:30:09+0000

I don't recognize this particular gui, but it might be a snort Gui's setting.

You can use snort to achieve your goal, there are currently 4 snort gui projects active. here is the description:

BASE

The underlying parsing and security engine was based on the old ACID codebase. The ACID GUI (which is now dead and has been around for about five or six years) was a college project written by contributor Carnegie Mellon. It hasn't been actively developing since 2003. BASE, a fork of the ACID code, took up the original author, added many new features and made it easier to use, multilingual, and a highly functional GUI. There were plans to redesign BASE, including the database format it reads from, but Kevin Johnson, the original BASE project manager, has since left the project and turned the project over to new management. However, it remains the most popular Snort GUI with over 215,000 downloads. BASE is written in PHP and has several dependencies. BASE has its own #secureideas IRC channel, although rarely is there anyone.so most people turn to the default #snort for help.

Snorby

A relative newcomer to the Snort GUI field, Snorby uses a variety of "Web 2.0" effects and rendering, providing the user with a very clean and well-functioning tool. This appears to be the real "hot" web interface for Snort. While it has a lot of BASE functionality (and a lot more, hotkeys, classification, iOS interface and actual PDF reporting) and not like SGUIL (in terms of architecture), it is extremely easy to deploy, looks fantastic, and performs very well. like an alert browser. Snorby's code is hosted on Github, here. Another advantage of Snorby is that it integrates with the OpenFPC project. Functioning similar to how SGUIL collects all information on the network using Full Packet Capture (FPC),Snorby gives you the ability to not only view the Snort alert, but also view the alerts in context with the rest of the packet stream on the network.The Snorby IRC Channel can be found at #snorby.

SQueRT

Pavel wrote about SQueRT. SQueRT uses the SGuil database format and is also web based. You can see screenshots and download them from the link above.

Comparison of these three is also here

There are many more projects but are currently inactive, with the exception of squil . The most active projects you can use today are SQueRT and Snorby

DDoS monitoring and prevention

More articles: