Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Layer 7 Detection
HTTP flood, credential stuffing, API abuse & bot detection.
Automated Runbooks
Chain mitigation steps into automated incident response playbooks.
Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode NEW
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape State of DDoS 2026 REPORT Free Certifications
Research & Guides
Mirai Botnet Kill Switch Research memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners Managed Protection Whitelabel / Reseller Affiliate Program Pay with Crypto System Status
Legal & Support
Contact Us Security Trust Center Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers
Gaming & Entertainment
Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks
Business & Emerging
SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud

Blog

Attack postmortems.
Engineering deep-dives.

Practical guides from engineers who've been DDoS'd and learned from it.

All Post-Mortem Attack Analysis Original Research Engineering Forensics Integrations Mitigations Fundamentals Tools Comparisons
Get attack analysis in your inbox
Monthly postmortems, detection techniques, and original research. No fluff.
Post-Mortem

We stopped a 48 Gbps attack during a live event: full technical breakdown

NTP amplification reflector distribution, SYN flood source analysis, the FlowSpec rules that fired, PCAP forensics, and a second-by-second timeline of the March 27 Lorikeet Security incident.

Apr 26, 202615 min readRead article →
Post-Mortem

How Lorikeet Security stopped a live DDoS attack mid-training, without dropping a single student

When a multi-vector DDoS attack hit Lorikeet Security's live cybersecurity training event mid-session, Flowtri...

12 min read →
Post-Mortem

OVHcloud 2024: 840 million packets per second and the MikroTik problem

How compromised MikroTik routers were weaponized for packet-rate attacks peaking at 840 Mpps, why PPS matters ...

13 min read →
Post-Mortem

HTTP/2 Rapid Reset: the zero-day that hit 398M requests per second

CVE-2023-44487 exploited HTTP/2 stream multiplexing to generate the largest application-layer DDoS ever record...

13 min read →
Post-Mortem

AWS 2020: dissecting the 2.3 Tbps CLDAP reflection attack

A technical post-mortem of the February 2020 CLDAP reflection attack: 2.3 Tbps of amplified traffic via UDP po...

12 min read →
Post-Mortem

GitHub 2018: inside the 1.35 Tbps memcached DDoS that changed everything

How a 15-byte UDP request to exposed memcached servers generated 1.35 Tbps of amplified traffic, no botnet req...

14 min read →
Post-Mortem

Dyn 2016: how 100,000 IoT devices took down half the internet

Three waves of DNS query floods from a Mirai botnet brought Dyn's managed DNS to its knees, taking Twitter, Ne...

15 min read →