We are currently using FastnetMon Advanced as DDoS mitigation for our solution.
Fastnetmon primarily mitigates attacks by announcing the host IP via BGP/Flowspec or blackholing(RTBH), notify scripts and eBPF/XDP depending on the deployment.
This effectively protects the infrastructure, it also means the protected service becomes unavailable to legitimate users during the attack.
Is there a recommended way in FastNetMon Advanced to mitigate attacks by blocking or filtering the attacker (source) IPs instead of the destination (host) IP?
If Yes, then what is the recommended approach? Are people integrating it with XDP/eBPF, nftables, ipset, or other firewall mechanisms?
I'd be interested in understanding how this is typically handled in production deployments and what the recommended architecture is.
Thanks.