https://docs.mitigator.ru/v26.04/en/tags/tutorial/ Recent content in Tutorial on BIFIT Mitigator Hugo -- gohugo.io en https://docs.mitigator.ru/v26.04/en/kb/quick-setup/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/quick-setup/ The materials in this article are intended to facilitate understanding of the protection organizing basic principles using MITIGATOR. Below is an example of setting up the system in the first iteration. First, all packets are processed in “General Protection”, then 5-tuple routing rules distribute traffic to protection policies, and after the policies, the traffic returns to “General Protection” for the remaining countermeasures. Processing of back traffic from the protected resource is not considered in this article. https://docs.mitigator.ru/v26.04/en/kb/system-checklist/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/system-checklist/ List of steps Set up network integration. Specify a license key and set limits. Set up interaction via BGP. Upload GeoIP databases into the system. Set up delivery channels for system event notifications. Set up notifications via syslog. Enable protection. (Optional) Upload logos and background images for various interface themes. (Optional) Select the interface theme type and graph display style. Details 1. Set up network integration. The configuration is performed independently for each instance of the system and is based on the composition of the network infrastructure and the tasks to be solved. https://docs.mitigator.ru/v26.04/en/kb/policy-checklist/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/policy-checklist/ List of steps Make sure the routing rules for the policy are set. Configure the policy to display only the necessary countermeasures. Set up countermeasures. Set up automatic packet capture. Set up autodetection. (Optional) Check the effect on legitimate traffic via the test mode. Enable protection policy. (Optional) Configure the log analyzer. (Optional) Pin countermeasure graphs. Details 1. Make sure the routing rules for the policy are set. Make sure that the routing rules are set for the policy on the “Policy Setup” tab of the “Protection policy” page. https://docs.mitigator.ru/v26.04/en/kb/bpf/api/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/bpf/api/ API Documentation Overview Programs are loaded into MITIGATOR as ELF object files. They can use the API functions from mitigator_bpf.h (download). The compatibility policy applies to BPF. A minimal program must place metadata and code into the correct sections of the object file using macros: #include "mitigator_bpf.h" ENTRYPOINT enum Result program(Context ctx) { return RESULT_PASS; } PROGRAM_DISPLAY_ID("Example v0.1") Typically, programs are written in C and compiled with clang (EBPF support added in GCC 10). https://docs.mitigator.ru/v26.04/en/kb/bpf/ Mon, 01 Jan 0001 00:00:00 +0000 https://docs.mitigator.ru/v26.04/en/kb/bpf/ “Programmable filter” (BPF) may be used to create custom countermeasures if the existing ones are not sufficient. Writing programs requires basic programming skills, but allows to solve complex tasks quickly: Protection for applications and protocols that are not supported yet. There’s no need to contact developers and wait for the next release if one understand how an application works and how to protect its traffic. More complex filters than the ACL and REX countermeasures allow.