DDoS detection for
German network operators.
DENOG brings together Germany's ISPs, carriers, and network engineers multiple times a year. If automated DDoS mitigation is on your agenda, here's a tool built for operators who care about how the code actually works — $9.99/node/month, kernel-level detection, automated BGP FlowSpec.
Built for the DENOG community
From DE-CIX peering to regional ISPs — Flowtriq is designed for operators who demand technical honesty.
The pricing reality
What FastNetMon actually costs in 2026
FastNetMon's LiveView dashboard ($70/user/month) launched April 2026 on top of the existing $115+/month Advanced license. Here's the real number for a NOC team.
Advanced license (10G): $115/month. LiveView dashboard: $70 × 3 users. Dedicated server: ~$100/month.
FastNetMon
- $115/mo base + $70/user/mo dashboard
- Dedicated server required (~$60–150/mo)
- 30–60s latency via NetFlow
- No PCAP forensics
- Automated FlowSpec unreliable
- Trial by application — gated
Flowtriq — $9.99/node/month
- $9.99/node/month — unlimited users, dashboard included
- No dedicated server — runs on existing hosts
- <1s detection — kernel-level, unsampled
- PCAP with pre-attack ring buffer
- Confidence-gated FlowSpec + auto-rollback
- 7-day free trial — no card, no application
Feature comparison
FastNetMon Advanced vs Flowtriq
The full technical breakdown for operators who read source code.
| Capability | FastNetMon Advanced + LiveView | Flowtriq |
|---|---|---|
| Detection | ||
| Detection method | NetFlow / sFlow / IPFIX (sampled) | Kernel-level per-packet, unsampled |
| Detection latency | 30–60s | <1 second |
| Attack classification | Flood type only | 7 families + confidence score |
| L7 HTTP flood detection | L3/L4 only | Access log parsing |
| BGP & Mitigation | ||
| BGP RTBH blackhole | Yes | Yes |
| BGP FlowSpec | Advanced only | Included |
| Automated FlowSpec | Manual (false positives block automation) | Confidence-gated + auto-rollback |
| BGP speaker support | ExaBGP, GoBGP | ExaBGP, GoBGP, BIRD 2, FRRouting |
| Detection → BGP in <2s | No | Yes |
| Forensics & Evidence | ||
| PCAP capture | Not available | Pre-attack ring buffer |
| AI incident summaries | No | Yes |
| Operations | ||
| Web dashboard | +$70/user/mo | Included, unlimited users |
| REST API + Terraform | API Advanced only; no Terraform | Both included |
| Prometheus metrics | Advanced only | 15+ metric families |
| Dedicated server required | Yes | No |
Technical architecture
How Flowtriq works
No hand-waving. Here's the actual implementation.
Kernel-level capture
AF_PACKET + BPF — every packet header inspected, unsampled, at line rate. No NetFlow infrastructure. No router changes.
EWMA baselines
Adaptive per-node baselines via EWMA. Auto-learns in ~5 minutes. No manual thresholds — survives diurnal patterns and traffic growth without false positives.
Confidence-gated FlowSpec
FlowSpec rules fire only above a confidence threshold. Auto-rollback when confidence drops post-announcement. BIRD 2, FRRouting, ExaBGP, GoBGP.
PCAP ring buffer
Rolling pre-attack buffer. At incident declaration, the buffer is flushed and attached to the incident record — packet-level evidence from before the attack peaked.
Resource footprint
<30 MB RAM, <0.1% CPU idle. systemd service. Any Linux kernel ≥ 3.10. No DPDK, no PF_RING, no kernel module required.
Multi-tenancy
Workspace-based RBAC (Owner, Admin, Analyst, Readonly). Manage customer nodes under separate workspaces with isolated alerting and reporting.
Start your trial — no application, no gatekeeping
7 days full access. No credit card. No bandwidth questionnaire. Deploy on any Linux server in 60 seconds.