Flowtriq Blog | DDoS Detection Guides & Attack Analysis
Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications NEW
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services Compliance NEW

Blog

Attack postmortems.
Engineering deep-dives.

Practical guides from engineers who've been DDoS'd and learned from it.

All Post-Mortem Attack Analysis Original Research Engineering Forensics Integrations Mitigations Fundamentals Tools Comparisons
Post-Mortem

We stopped a 48 Gbps attack during a live event: full technical breakdown

NTP amplification reflector distribution, SYN flood source analysis, the FlowSpec rules that fired, PCAP forensics, and a second-by-second timeline of the March 27 Lorikeet Security incident.

Apr 26, 202615 min readRead article →
Post-Mortem

How Lorikeet Security stopped a live DDoS attack mid-training, without dropping a single student

When a multi-vector DDoS attack hit Lorikeet Security's live cybersecurity training event mid-session, Flowtri...

12 min read →
Post-Mortem

OVHcloud 2024: 840 million packets per second and the MikroTik problem

How compromised MikroTik routers were weaponized for packet-rate attacks peaking at 840 Mpps, why PPS matters ...

13 min read →
Post-Mortem

HTTP/2 Rapid Reset: the zero-day that hit 398M requests per second

CVE-2023-44487 exploited HTTP/2 stream multiplexing to generate the largest application-layer DDoS ever record...

13 min read →
Post-Mortem

AWS 2020: dissecting the 2.3 Tbps CLDAP reflection attack

A technical post-mortem of the February 2020 CLDAP reflection attack: 2.3 Tbps of amplified traffic via UDP po...

12 min read →
Post-Mortem

GitHub 2018: inside the 1.35 Tbps memcached DDoS that changed everything

How a 15-byte UDP request to exposed memcached servers generated 1.35 Tbps of amplified traffic, no botnet req...

14 min read →
Post-Mortem

Dyn 2016: how 100,000 IoT devices took down half the internet

Three waves of DNS query floods from a Mirai botnet brought Dyn's managed DNS to its knees, taking Twitter, Ne...

15 min read →

Newsletter

Attack analysis in your inbox

One email a month. Real attack postmortems, detection techniques, and engineering insights. No marketing fluff.

No spam. Unsubscribe any time.