Evaluating DDoS tools
at Taiwan Internet Week?
FastNetMon is the name you'll hear in the room. Before committing: their Advanced license starts at $115/month and the new LiveView dashboard adds $70/user/month on top. Flowtriq delivers sub-second detection, BGP FlowSpec, PCAP forensics, and unlimited team access at $9.99/node — runs on the Linux servers you already operate.
Built for your infrastructure
Flowtriq is used by ISPs, IXPs, hosting operators, and CDN providers — exactly the operators who show up at TWNOG.
The pricing reality
What FastNetMon actually costs in 2026
FastNetMon launched LiveView in April 2026 — a web dashboard billed separately at $70/user/month on top of the existing Advanced license. For a typical NOC team, the bill looks like this before a single server is protected.
FastNetMon Advanced (10G tier): $115/month. LiveView web dashboard: $70/user/month, billed separately. Dedicated server hardware: ~$100/month (not included in FastNetMon's pricing).
FastNetMon
- $115/mo base + $70/user/mo dashboard add-on
- Dedicated server required (~$60–150/mo extra)
- 30–60s detection latency via NetFlow
- No PCAP forensics
- No attack classification by type
- No L7 / HTTP flood detection
- No cloud API mitigations
- Trial by application — gated
Flowtriq — $9.99/node/month
- $9.99/node/month — unlimited users, dashboard included
- No dedicated server — agent on existing Linux hosts
- <1 second detection — kernel-level, unsampled
- PCAP with pre-attack ring buffer
- 9 attack families + confidence scoring
- L7 HTTP flood detection (nginx/apache/caddy logs)
- Cloud API mitigations (Cloudflare, DO, Vultr, Linode)
- 7-day free trial — no card, no application
Feature comparison
FastNetMon Advanced vs Flowtriq
For network engineers and NOC operators who need specifics before making a vendor decision.
| Capability | FastNetMon Advanced + LiveView | Flowtriq |
|---|---|---|
| Detection | ||
| Detection method | NetFlow / sFlow / IPFIX (sampled) | Kernel-level per-packet, unsampled |
| Detection latency | 30–60s (NetFlow export interval) | <1 second |
| Attack classification | Flood type only (bandwidth/packet/flow) | 7 families + confidence score |
| L7 HTTP flood detection | L3/L4 only | Access log parsing |
| Botnet source flagging | No | 300+ known botnet sources |
| BGP & Mitigation | ||
| BGP RTBH blackhole | Yes | Yes |
| BGP FlowSpec | Advanced only ($115+/mo) | Included at $9.99/node |
| Automated FlowSpec | Manual — false positives block automation | Confidence-gated + auto-rollback |
| BGP speaker support | ExaBGP, GoBGP | ExaBGP, GoBGP, BIRD 2, FRRouting |
| Detection → BGP announcement | Manual or delayed | <2 seconds end-to-end |
| iptables / nftables / XDP | Script-based | 46 automated rule types |
| Forensics & Evidence | ||
| PCAP capture | Not available | Pre-attack ring buffer + analyzer |
| AI incident summaries | No | Yes |
| Automated postmortems (PDF/HTML/JSON) | No | Yes |
| Hash-chained audit log | No | SHA-256 |
| Operations & Scale | ||
| Web dashboard | LiveView add-on — +$70/user/mo | Included, unlimited users |
| Multi-tenant / per-customer isolation | No | Workspace-based, RBAC |
| REST API | Advanced only | Included |
| Prometheus metrics | Advanced only | 15+ metric families |
| Terraform provider | No | Yes |
| Alert channels | Email + Slack webhook | 12+: Discord, Slack, Teams, PagerDuty, OpsGenie, SMS… |
| Dedicated server required | Yes (~$60–150/mo) | No — agent on existing hosts |
| Setup time | Hours (server + BGP config + router setup) | 60 seconds: pip install ftagent |
For network engineers
How Flowtriq actually works
No black box. Here's the technical architecture for operators who need to understand the stack before deploying anything in production.
Kernel-level capture
The agent uses AF_PACKET with BPF filtering to inspect every packet header on the interface — unsampled, at line rate. No NetFlow export dependency. No router configuration changes required.
EWMA dynamic baselines
Per-node baselines adapt automatically using Exponentially Weighted Moving Average. No manual threshold tuning. Baseline auto-learns in ~5 minutes. Handles diurnal patterns and traffic growth without intervention.
BGP FlowSpec automation
FlowSpec rules are generated from attack classification output and confidence score. Rules auto-rollback when confidence drops post-announcement. Works with ExaBGP, GoBGP, BIRD 2, and FRRouting.
PCAP ring buffer
A rolling pre-attack buffer captures the last N seconds of traffic before detection fires. When an incident is declared, the buffer is flushed and attached to the incident record — packet-level evidence from before the attack peaked.
Resource footprint
The agent uses <30 MB RAM and <0.1% CPU at idle on a typical server. Runs as a systemd service. Compatible with any Linux kernel ≥ 3.10. No kernel module, no DPDK, no PF_RING required.
Multi-tenant architecture
Workspace-based multi-tenancy with per-workspace RBAC (Owner, Admin, Analyst, Readonly). ISPs and IXPs can manage customer nodes under separate workspaces with isolated alerting and reporting.
Try it before Taiwan Internet Week — no gatekeeping
Full platform access for 7 days. No credit card. No application form. No bandwidth questionnaire. Works on any Linux server you already have.
More FastNetMon resources