PREV
NEXT

  • DDoS Detection Software

    Wanguard Sensor identifies volumetric DDoS attacks using an exceptionally fast and innovative traffic anomaly detection engine. It continuously analyzes over 130 traffic-related metrics against user-defined thresholds while profiling normal user behavior to detect unusual traffic spikes. Upon detecting a threat, the software can automatically trigger predefined response actions — such as sending notification emails, announcing prefixes via BGP, generating SNMP traps, modifying ACLs, or executing custom scripts through an intuitive API that exposes more than 80 traffic parameters. Wanguard Sensor supports multiple detection methods, including packet sniffing and flow analysis.

  • On-premise DDoS Mitigation

    Wanguard Filter ensures zero downtime for customers and services during Distributed Denial of Service (DDoS) attacks by automatically mitigating threats without requiring operator intervention. Designed to neutralize both DoS and DDoS attacks, it filters out malicious traffic on-premises and notifies the attacker’s Internet Service Provider. Harmful packets are blocked through intelligent, dynamic filtering rules applied on stateless software or hardware firewalls, as well as on BGP Flowspec-compatible routers. The system can operate inline within the main data path or redirect traffic via BGP on/off-ramping to dedicated packet-scrubbing servers.

  • Full Network Traffic Visibility

    Both Wanguard and Wansight deliver comprehensive network traffic visibility through distributed Sensors (“probes”) that capture IP packets, query SNMP devices, and analyze flow records exported via NetFlow, NetStream, jFlow, sFlow, and IPFIX. All collected data is presented in an intuitive web-based interface featuring customizable dashboards, real-time traffic graphs, and in-depth top statistics. Users can easily generate advanced analytics with aggregated data across hosts, IP groups, interfaces, applications, protocols, autonomous systems, and countries; visualize precise bandwidth utilization for thousands of IPs; and inspect raw packets and flow records.

  • Flow Collector and Analyzer

    Wanguard and Wansight include a Flow Sensor component — a fully featured flow analyzer and collector that supports all major flow technologies, including NetFlow (versions 5, 7, and 9), IETF IPFIX, and sFlow (versions 4 and 5). It features a highly scalable traffic correlation engine capable of continuously monitoring hundreds of thousands of IPv4 and IPv6 addresses and ranges. Flow data can be stored indefinitely in a compressed binary format, enabling long-term traffic analysis. Users can generate top lists and a wide variety of aggregation reports, while powerful filtering expressions make it easy to query individual flows for rapid, ad-hoc forensic investigations.

  • Packet Sniffer and Payload Analyzer

    Wanguard and Wansight include a Packet Sensor component that inspects IP packets by sniffing 10/40/100 Gbps port-mirrored or in-line interfaces at wire speed. It features a fully scalable IP traffic analysis engine capable of monitoring, in real time, tens of thousands of IPv4 and IPv6 addresses and ranges. Users can capture and store packet dumps for forensic investigation or network troubleshooting. Packet dumps can be downloaded or viewed directly in a Wireshark-like interface that displays detailed OSI Layer 7 information, along with hexadecimal raw and ASCII data suitable for regular expression analysis. The Packet Sensor supports Libpcap, DPDK, PF_RING, and Netmap.

Andrisoft Wanguard
Feature Highlights:

WANSIGHT and WANGUARD can be installed from RedHat-compatible packages built for i686 ( 32 bit Intel or AMD ) and x86_64 ( 64 bit Intel or AMD ) architectures. The installation steps listed below contain references only to 64 bit packages. To install the packages on 32 bit CPUs, simply change the "x86_64" string with "i686". All packages were tested on RedHat Enterprise Linux 5.x, CentOS 5.x and Fedora 8.  

WANconsole-5.4-0.i686.rpm The Console is a web portal that provides single-point management and reporting for WANSIGHT and WANGUARD.
WANconsole-5.4-0.x86_64.rpm
WANsensor-5.4-0.i686.rpm The Sensor is the WANSIGHT and WANGUARD component that does traffic accounting, monitoring and analysis.
WANsensor-5.4-0.x86_64.rpm
WANfilter-5.4-0.i686.rpm The Filter is the WANGUARD component able to detect and scrub malicious traffic.
WANfilter-5.4-0.x86_64.rpm
WANsupervisor-5.4-0.i686.rpm The Supervisor provides routines used to start, shutdown and monitor WANSIGHT and WANGUARD components.
WANsupervisor-5.4-0.x86_64.rpm
WANbgp-5.4-0.noarch.rpm The WANbgp package is used by WANGUARD for sending BGP routing announcements.
WANGUARD_5_4.pdf WANGUARD 5.4 User Guide.
WANSIGHT_5_4.pdf WANSIGHT 5.4 User Guide.

 

CONSOLE
INSTALLATION
STEPS:		 Step 1. Install the Console's dependencies
First make sure you have the required packages installed. On CentOS and Fedora systems you should use the yum package manager. On RedHat Enterprise systems you should use the up2date package manager.
[root@localhost ~]# yum install mysql mysql-server httpd php php-cli php-mysql perl-MailTools perl-DBD-MySQL perl-Net-Telnet quagga libart_lgpl php-snmp wget which tcpdump ruby gettext php-ldap cairo pango wireshark tcpdump openssl rrdtool rrdtool-perl ntp

Step 2. Configure the MySQL server
By default, the MySQL server does not have any password set. You must start the MySQL server, set a password for the MySQL root user, and make sure that old_passwords=0 in /etc/my.cnf ! If you deploy the Sensor or Filter on remote systems, make sure that the MySQL server is accessible by opening port 3306 in the firewall.
[root@localhost ~]# nano /etc/my.cnf #set "old_passwords=0", "max_allowed_packet=64M", "max_connections=300" and "skip-name-resolve" in the [mysqld] section
[root@localhost ~]# service mysqld start
[root@localhost ~]# /usr/bin/mysqladmin -u root password 'new-password'
[root@localhost ~]# service mysqld restart
[root@localhost ~]# chkconfig --level 345 mysqld on

Step 3. Install the Supervisor and Console
Install the WANsupervisor and WANconsole packages. The WANbgp package is not needed for WANSIGHT.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANconsole-5.4-0.x86_64.rpm
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANbgp-5.4-0.noarch.rpm
[root@localhost ~]# rpm -Uvh --nodeps ./WANbgp-5.4-0.noarch.rpm
[root@localhost ~]# rpm -Uvh --nodeps ./WANsupervisor-5.4-0.x86_64.rpm ./WANconsole-5.4-0.x86_64.rpm ./WANbgp-5.4-0.noarch.rpm

Step 4. Configure the Apache server
Please check if your distribution has PHP version 5.2 or above with the "rpm -aq | grep php" command. If it doesn't please install PHP 5.2 from another source, for example http://wiki.centos.org/HowTos/PHP_5.1_To_5.2. Add the "zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.2.lin" for PHP 5.2 or "zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.3.lin" for PHP 5.3 in php.ini, in the [PHP] section. Also, change magic_quotes_gpc to Off.
[root@localhost ~]# nano /etc/php.ini #add zend_extension=/opt/andrisoft/webroot/ixed/ixed.5.2.lin, and make sure the magic_quotes_gpc are Off
[root@localhost ~]# service httpd restart
[root@localhost ~]# setenforce 0 ; nano /etc/selinux/config #set SELINUX=permissive

Step 5. Install the Console's database
Configure the Console by running the /opt/andrisoft/bin/install_console script. You will have to enter the MySQL root password you set on step 2, and provide a new Console database password.
[root@localhost ~]# /opt/andrisoft/bin/install_console

Step 6. Configure and start the Supervisor
The WANsupervisor daemon must be installed and started on all systems. You have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console's IP address and database password you set on step 5. If the Supervisor and Console are installed on the same system, don't use the loopback address 127.0.0.1 for the Console's IP address. Use the IP address of the server instead.
[root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# service WANsupervisor start
[root@localhost ~]# chkconfig --level 345 WANsupervisor on

Step 7. Access the Console
The Console web interface is accessible by pointing your web browser to http://<hostname>/wansight or http://<hostname>/wanguard, where <hostname> is the name of the server running the Console. The default username is "admin" with the password "changeme".
Continue installing the Sensor by following the steps below.
SENSOR
INSTALLATION 
STEPS:		 Step 1. Install the Sensor's dependencies
Make sure you have dependencies installed.
[root@localhost ~]# yum install wget mysql ntp

Step 2. Install, configure and start the Supervisor
This step is required if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console's IP address and database password.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh --nodeps ./WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# service WANsupervisor start
[root@localhost ~]# chkconfig --level 345 WANsupervisor on

Step 3. Install the Sensor
Install the WANsensor package.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANsensor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh --nodeps ./WANsensor-5.4-0.x86_64.rpm

Step 4. Setup the Sensor
Log into the Console to setup the Sensor(s). Sensors are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running.

FILTER
INSTALLATION
STEPS:		 Step 1. Install the Filter's dependencies
Make sure you have dependencies installed. The quagga package is needed only if bgpd will be running on the filtering server.
[root@localhost ~]# yum install quagga perl-Net-Telnet perl-DBD-MySQL wget mysql ntp
[root@localhost ~]# service bgpd start

Step 2. Install, configure and start the Supervisor
This step is necessary if you haven't previously installed and configured WANsupervisor on the target system. In order to configure the Supervisor, you have to run the /opt/andrisoft/bin/install_supervisor script to enter the Console's IP address and database password.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh --nodeps ./WANsupervisor-5.4-0.x86_64.rpm
[root@localhost ~]# /opt/andrisoft/bin/install_supervisor
[root@localhost ~]# service WANsupervisor start
[root@localhost ~]# chkconfig --level 345 WANsupervisor on

Step 3. Remove local firewall rules
The iptables service overrules the Filter, and therefore has to be stopped. The Filter will manage the firewall rules from now on.
[root@localhost ~]# chkconfig --level 2345 iptables off
[root@localhost ~]# service iptables stop

Step 4. Install the Filter
Install the WANsensor and WANfilter packages.
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANsensor-5.4-0.x86_64.rpm
[root@localhost ~]# wget http://www.andrisoft.com/files/redhat5/WANfilter-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh ./WANbgp-5.4-0.noarch.rpm ./WANsensor-5.4-0.x86_64.rpm
[root@localhost ~]# rpm -Uvh --nodeps ./WANfilter-5.4-0.x86_64.rpm

Step 5. Setup the Filter
Log in to the Console to set up Filter(s). Filters are started, monitored and stopped by the WANsupervisor daemon, so make sure the WANsupervisor service is always running.

Company News

IP Monitoring & Anti-DDoS Software Solutions

Andrisoft develops innovative and cost-effective Linux-based applications designed for Network Administrators and Security Experts managing large-scale IP networks, including Telecoms, ISPs, Cloud Hosting Data Centers, CDNs, and DDoS Mitigation Services:

Wansight delivers bandwidth monitoring, IP accounting and in-depth traffic analysis. It includes a Flow Sensor that analyzes flow records exported via Cisco NetFlow, IPFIX, and sFlow, as well as a Packet Sensor that inspects traffic from in-line deployments, network TAPs, or through port mirroring. A web-based, OS-independent Console provides centralized management and reporting through an intuitive interface.

Wanguard extends Wansight with DDoS detection and DDoS mitigation capabilities. It protects networks and critical services from Distributed Denial of Service attacks by filtering malicious traffic through dynamic rules applied to software or hardware firewalls at the network perimeter. It supports automated response mechanisms, RTBH, BGP Flowspec, traffic diversion, scripting, and clustering for scalable, resilient protection.

DDoS Protection in Five Easy Steps

alt 1. Discover Wanguard, our solution for monitoring and protecting networks against DDoS attacks.

alt 2. Fill in the evaluation request form in order to receive the download link and a free 30-day trial license key.

alt 3. Build your very own DDoS mitigation appliance by installing our software on a spare Linux server.

alt 4. Use the fully-featured trial version for 30 days. Our engineers will assist you free of charge.

alt 5. Buy cost-effective software licenses, at any time, from our online store. The licensing cost also covers support.

Wanguard 8.5 was released! Changelog and upgrade instructions at: https://t.co/4UIyox14bQ.
Follow Andrisoft on X
Join our Newsletter to receive the latest news from us!

  OUR CLIENTS  

  • Telecom Operators: HUAWEI | VODAFONE | ORANGE | JT GLOBAL | BITE LITHUANIA | MOLDTELECOM | JUPITER TELECOMMUNICATIONS

  • Internet Service Providers: GOOGLE FIBER | YELLOWFIBER | SKYLOGIC EUTELSAT | 1&1 VERSATEL | NETCOLOGNE | SOLCON NETHERLANDS

  • Cloud / VPS Hosting Providers: DIGITALOCEAN | LEASEWEB | FLEXENTIAL | WEEBLY | VPS.NET | EAPPS | SERVERPOINT

  • Software & Services: IBM CORPORATION | MOZILLA CORPORATION | NAMECHEAP | GANDI SAS | ALLEGRO | MBANK | TF1 FRANCE

  • Security / Anti-DDoS Services: GIGENET | BLACKLOTUS | KODDOS | ROKASECURITY | DOSARREST | SERVERIUS

  • Data Centers: EQUINIX | PHOENIXNAP | CORE-BACKBONE | BSO NETWORK | ASCENTY | PLUSSERVER | MYLOC MANAGED IT