Sella NMS was created to provide an extensible, high-performance network management system with network discovery, monitoring, and detailed reporting capabilities that keep up to date with a living network. As devices and interfaces are added to or removed from your network, the changes are automatically detected and handled.
PHREL is a per-host rate limiter. It tracks the rate of incoming traffic on a server and inserts a chain into iptables when a configured per-host threshold is crossed. The inserted chain may either rate limit or block the offending host for a period of time, and it is automatically removed when that host's traffic level returns to normal. PHREL is particularly well suited to protecting nameservers (DNS) from hosts that flood them with requests, and to stopping SSH brute-force login attempts.
CBLM is a high performance latency (one-way and round-trip), packet loss, and jitter monitoring probe. When run on two or more servers, a full mesh of connections is automatically set up between the probes, between which UDP packets are transmitted. Statistics are collected and stored within a MySQL database.
For those of you dealing with your nameserver being attacked and your logs filling with messages such as "named[xxxx]: client x.x.x.x#yyyy: error sending response: host unreachable", you can use PHREL to block the abuse and stop the log messages. For lower-traffic nameservers, a threshold of 15 pps with a rate of 0 (block outright rather than rate limit) dynamically blocks the majority of these attacks. Higher-traffic nameservers may need a slightly higher threshold, since the threshold must sit above the query rate of your busiest legitimate clients (such as recursive resolvers) or those will be blocked too.
Here's an example phreld command line that applies those settings (port 53, threshold 15 pps, rate 0):
phreld -p 53 -T 15:0
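To make the mechanism described above concrete (per-host rate tracking, a chain inserted when the threshold is crossed, and removed again when traffic returns to normal), here is an added Python model of that behaviour. It is illustration written for this page, not PHREL's own code, and it makes several assumptions the page does not state: a one-second sliding window for measuring pps, a hold-down period before a chain is removed, IPv4 sources only, a chain naming scheme of `PHREL_<ip with dots as underscores>`, and the use of the `limit` match for the rate-limiting case. The packet trace it replays, the constructed addresses, and the `HostRateLimiter` / `simulate_dns_flood` names are all made up here. It defaults to returning the iptables commands as argv lists instead of running them, so it can be tried offline.

```python
"""Per-host rate limiter modelled on the behaviour PHREL describes.

Added illustration, not PHREL's code. Tracks per-source packet rates over a
sliding window and emits the iptables commands that would insert or remove a
per-host chain. Commands are returned as argv lists so the logic can be
exercised offline; pass execute=True to actually run them (needs root).
"""
import subprocess
from collections import defaultdict, deque
from ipaddress import IPv4Address

IPTABLES = "iptables"  # assumed name of the iptables binary on PATH


class HostRateLimiter:
    def __init__(self, port, threshold_pps, rate_pps, proto="udp",
                 window=1.0, hold_down=10.0, execute=False):
        self.port = port
        self.threshold = threshold_pps  # pps above which a host is acted on
        self.rate = rate_pps            # 0 = block outright, >0 = limit to this pps
        self.proto = proto
        self.window = window            # seconds of history used to compute pps (assumed)
        self.hold_down = hold_down      # seconds a host must stay normal (assumed)
        self.execute = execute
        self.seen = defaultdict(deque)  # src -> packet timestamps inside the window
        self.limited = {}               # src -> last time it was over threshold

    # --- rate tracking ---------------------------------------------------
    def pps(self, src, now):
        q = self.seen[src]
        while q and now - q[0] > self.window:   # drop samples outside the window
            q.popleft()
        return len(q) / self.window

    def observe(self, now, src, dport, proto="udp"):
        """Account one incoming packet; return iptables commands it triggered."""
        if dport != self.port or proto != self.proto:
            return []                            # not traffic we protect
        src = str(IPv4Address(src))              # IPv4 only in this example
        self.seen[src].append(now)
        cmds = []
        if self.pps(src, now) > self.threshold:
            if src not in self.limited:
                cmds += self._insert(src)        # threshold crossed: add chain
            self.limited[src] = now              # still abusive: restart hold-down
        cmds += self.expire(now)
        return cmds

    def expire(self, now):
        """Remove chains for hosts whose traffic stayed normal for hold_down."""
        cmds = []
        for src, last_over in list(self.limited.items()):
            if now - last_over >= self.hold_down and self.pps(src, now) <= self.threshold:
                cmds += self._remove(src)
                del self.limited[src]
        return cmds

    # --- iptables plumbing -----------------------------------------------
    def _chain(self, src):
        return "PHREL_" + src.replace(".", "_")  # fits the iptables chain-name limit for IPv4

    def _jump(self, src):
        return ["-s", src, "-p", self.proto, "--dport", str(self.port),
                "-j", self._chain(src)]

    def _insert(self, src):
        chain = self._chain(src)
        rules = [[IPTABLES, "-N", chain]]
        if self.rate > 0:                        # rate limit: pass rate pps, drop the rest
            rules.append([IPTABLES, "-A", chain, "-m", "limit",
                          "--limit", f"{self.rate}/second",
                          "--limit-burst", str(self.rate), "-j", "ACCEPT"])
        rules.append([IPTABLES, "-A", chain, "-j", "DROP"])   # rate 0: everything dropped
        rules.append([IPTABLES, "-I", "INPUT"] + self._jump(src))
        return self._run(rules)

    def _remove(self, src):
        chain = self._chain(src)
        rules = [[IPTABLES, "-D", "INPUT"] + self._jump(src),
                 [IPTABLES, "-F", chain],
                 [IPTABLES, "-X", chain]]
        return self._run(rules)

    def _run(self, rules):
        if self.execute:
            for argv in rules:
                subprocess.run(argv, check=True)
        return rules


def simulate_dns_flood(threshold=15, rate=0):
    """Replay a constructed trace against the page's 'phreld -p 53 -T 15:0' settings."""
    lim = HostRateLimiter(port=53, threshold_pps=threshold, rate_pps=rate)
    actions = []
    for i in range(80):                          # flooder: 40 pps for two seconds
        actions += lim.observe(i * 0.025, "198.51.100.7", 53)
    for t in range(20):                          # normal client: 1 pps afterwards
        actions += lim.observe(t + 2.0, "203.0.113.9", 53)
    return actions, lim


if __name__ == "__main__":
    for argv in simulate_dns_flood()[0]:
        print(" ".join(argv))
```

Running it prints the chain being created and jumped to from INPUT once the flooder exceeds 15 pps, then the delete/flush/remove sequence once the flooder has been quiet for the hold-down period, while the 1 pps client never appears. Setting `rate_pps` above 0 adds a `limit` rule ahead of the DROP so the host is throttled instead of blocked.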