We have partnerships with multiple network service providers, and some users also contribute their netflow traffic to us. In addition, a dedicated DDoS botnet C&C tracking system is in place to provide insights.
Combining all these data sources, we are able to compute and monitor quite a large share of ongoing global DDoS attacks.
Users may create monitored objects they are interested in; an object can be an FQDN, zone, IP or IP block. The system then automatically tracks traffic going to the defined objects.
If a traffic spike is detected for an object, an event is generated and the user can receive an email notification.
DDoSMon provides a RESTful API, through which you can do most of the things you can do on ddosmon.net via the customer dashboard.
Before accessing the API, you need to apply for an API key for authentication. For more information about the API, please read the API documentation.
There is an approximately 15-minute delay for every DDoS alert; it has to do with how the network traffic data flows.
At this stage, we are not planning to work around it.
The system has this in mind: it tracks IP changes, automatically picks up new IPs in real time, and retires the old ones (timeout period 30 mins).
At this point, every user can set up up to 10 monitored objects (IPs, IP blocks, FQDNs and zones all combined).
Note: the zone has to match the user's email zone.
We would love to have netflow traffic from your network. With more data feeds, everyone has better DDoS visibility.
Drop us an email at email@example.com if you are willing to provide netflow data.
We are the Network Security Research Lab at Qihoo 360, and we can be reached at firstname.lastname@example.org.
For more information about Qihoo 360, see Wikipedia.