FAQ

Do you sell appliances?

No. However, any potential customer has a good relationship with at least one hardware vendor, leading to a better per-box price.

What are the software/hardware requirements?

PacketDam runs on CentOS 6/x86_64 and FreeBSD 9/amd64. Please refer to the FreeBSD and CentOS Compatibility Lists. For 1Gbps deployments, any entry-level server with gigabit onboard adapters is suitable. 10Gbps requires SMP and PCI-E x4/x8 cards. Myricom Sniffer10G cards are preferred, but other vendors, such as Endace or Napatech, are also recommended.

Is NetFlow supported?

No. While NetFlow is excellent for traffic accounting, it is inherently too slow for DDoS detection. Most routers have a minimum flow expiry timer of 60 seconds. For increased accuracy, statistics need to be gathered over even longer intervals, thus adding unacceptable delay to the alert process.

How about sFlow?

Yes.

Is there a GUI?

No. Since target companies already have OSS solutions, binding them to yet another interface made no sense. PacketDam can plug into these systems via XML-RPC.