Spoofing detection
Karl Morin
FastNetMon already has a list of all connections on the network and the IPs that are supposed to be on the network (with the networks list).
It would be awesome to have a Grafana dashboard that lists all the connections that have a source IP (traffic going out of the network) that is not within the network range.
That way we can easily identify if our network is sending out any spoofed IPs.
maxid
Hi. The best way to avoid this traffic is applying BCP38 or similar to avoid outgoing spoofed traffic.
FastNetMon
Hello!
Thank you for the feedback!
I think this capability will benefit your case: https://features.fastnetmon.com/feature-requests/p/add-mac-addresses-for-clickhouse-traffic-database
You can see other traffic which does not belong to any of your prefixes in fastnetmon.log this way:
sudo fcli set main dump_other_traffic true
sudo fcli commit
As another option, you can filter by packetDirection in the traffic database: https://fastnetmon.com/docs-fnm-advanced/fastnetmon-advanced-traffic-persistency/
Check "packetDirection".
We're keen to fight spoofing, and if you have more ideas, please share them with us!
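
Added example (not part of the thread and not FastNetMon code): the check the original request describes, sketched in Python over constructed flow records. The prefixes, record layout and direction labels are assumptions made for this example, and it assumes a network that carries no transit traffic, so a flow with neither endpoint inside its own prefixes is a spoofing candidate.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation prefixes stand in for the
# operator's real networks list.
OWN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]

# Constructed flow records: (source IP, destination IP, bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.7", 1200),           # legitimate outgoing
    ("198.51.100.7", "192.0.2.10", 900),            # legitimate incoming
    ("192.0.2.10", "192.0.2.20", 300),              # internal
    ("203.0.113.55", "198.51.100.7", 64),           # neither side is ours
    ("203.0.113.55", "198.51.100.9", 64),
    ("2001:db8:ffff::1", "2001:db8:aaaa::2", 80),   # IPv6, neither side is ours
    ("not-an-ip", "198.51.100.7", 10),              # malformed record
]

def is_ours(ip):
    """True if the address falls inside one of our own prefixes."""
    return any(ip in net for net in OWN_NETWORKS)

def classify(src, dst):
    """Label a flow by which endpoints fall inside OWN_NETWORKS.

    The labels are chosen for this example; raises ValueError on a bad address.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if is_ours(s):
        return "internal" if is_ours(d) else "outgoing"
    return "incoming" if is_ours(d) else "other"

def spoof_candidates(flows):
    """Sum bytes per source address for flows where neither endpoint is ours."""
    totals = defaultdict(int)
    for src, dst, nbytes in flows:
        try:
            direction = classify(src, dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        if direction == "other":
            totals[src] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for src, nbytes in sorted(spoof_candidates(SAMPLE_FLOWS).items()):
        print(f"{src}\t{nbytes} bytes sent with a source outside our prefixes")
```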