FAQ

How the system works?

We have partnership with multiple network service providers, some users also contribute their netflow traffic to us, plus, there is a dedicated ddos botnet c&c tracking system in place to provide insights.

Combining all these data sources, we are able to compute and monitor quite a big chunk of ongoing global ddos attacks.

How do I use the system?

User may creates monitored objects they are interested, the objects could be fqdn, zone, ip or ip blocks. Then the system will automatically track traffic going to the defined objects.

If a traffic spike is detected with an object, an event is generated and the user can receive an email notification.

How do I use DDoSMon API?

DDoSMon provide RESTful API, you can do just about most things you can do on ddosmon.net via the customer dashboard.
Before access the API, you need apply a API key for authentication at first. More information about API, please read API documentation.

Any time delay regarding to ddos alert? Can you fix that?

There is an approximately 15min delay for every ddos alert, it just has things to do with how the network traffic data flows.
At this stage, we are not planning to hack it.

My site uses CDN, and it changes ip all the time!

The system has this in mind, it tracks ip changes, and automatically picks up new ip in real time and retires the old ones(timeout period 30 mins).

How many monitored objects can I add?

At this point, every single user can setup up to 10 monitored objects. (ip, ip blocks, fqdn, zone all combined).

Note: the zone has to match the user email zone.

How can I make contribution?

We would love to have netflow traffic from your network. With more data feeds, everyone has better ddos visibility.

Drop us an email at ddosmon@360.cn if you are willing to provide netflow data.

Who is behind the ddosmon project?

Network Security Research Lab at Qihoo 360, and we can be reached at ddosmon@360.cn.

For more infomation about Qihoo 360, see the wikipedia