Why didn't checked other traffic or internal traffic for DDOS detection?

[mahdi1001]

Fastnetmon is good, and it is very fast. We want match "other traffic" and "internal traffic" with ddos detection. but only incoming and outgoing traffic match with ddos detection. is it impossible?!!!

[pavel-odintsov]

Hello!

Unfortunately we haven't support for tracking internal traffic.

But "other" traffic means "not your network traffic" so it's speaking about mistake in configuration (you lost some network in /etc/networks_list) or spoofied traffic in your network.

In normal case should have zero counters for other traffic.

[mahdi1001]

Hello :) OK, but support for tracking internal traffic is very necessary. Has it the solution?!

[pavel-odintsov]

Hello,

You should add all your networks in /etc/networks_list in CIDR form. After this FastNetMon will detect traffic direction and you could get zero "other" counter.

[mahdi1001]

TNX. OK, but support for tracking internal traffic is very necessary. Has it the solution?! If my change all direction to outgoing in source code for support tracking , is it correct? has it problem? fro example: in function "get_packet_direction" return just "OUTGOING" for support tracking in all traffic.

[pavel-odintsov]

Hello!

Yep, it's possible. But it's very dirty hack. You could replace this line (packet_direction = INTERNAL;): https://github.com/pavel-odintsov/fastnetmon/blob/1740d754dc1017c298b4a3227705ce7c4b6f0f88/src/fast_library.cpp#L844

By this code:

        subnet = destination_subnet;
        subnet_cidr_mask = destination_subnet_cidr_mask;

        packet_direction = INCOMING;

[XCM-jj]

Hello : repleace (packet_direction = INTERNAL;): can help support "internal traffic" ?

replease it need reinstall ?

thank you .