Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →
1-Second Detection
Know the instant traffic spikes. PPS checked every second.
Attack Classification
Identifies 8 attack types with protocol-level confidence scores.
Node Firewall Rules
Per-server iptables, null-routes, CDN rules & scripts.
Cloud Scrubbing
Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.
BGP Mitigation
Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.
Multi-Channel Alerts
Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.
IOC Pattern Matching
Identify Mirai, LOIC & botnets via payload-level indicator matching.
PCAP Capture
Full packet capture with AI-powered forensic analysis.
Status Pages
Auto-updated public incident pages for your users.
Real-Time Analytics Dynamic Baselines Threat Intel Multi-Node Maintenance Audit Log
Learn
Documentation Quick Start API Reference Agent Setup DDoS Protection Landscape Free Certifications NEW
Popular Guides
memcached Amplification Dynamic Baselines PCAP Forensics PagerDuty Setup
Company
About Us Partners White Label Referral Program Pay with Crypto System Status
Legal & Support
Contact Us Terms Privacy SLA
Who Uses Flowtriq

From indie hosts to ISPs — see how teams like yours use Flowtriq to detect and stop DDoS attacks.

Talk to Us →
Infrastructure
Hosting Providers ISPs MSPs Small Operators Routers Edge Node Defense
Gaming
Game Server Hosting Game Studios
Business
SaaS Platforms E-Commerce Financial Services
Live Detection & Mitigation

Detect. Mitigate.
Stay online.

Flowtriq runs directly on your servers, detects DDoS attacks in under a second, and automatically deploys BGP FlowSpec rules, RTBH blackholes, and cloud scrubbing to stop them. Full PCAP evidence and instant alerts on Slack, Discord, or PagerDuty.

Start Free Trial → Read the Docs
7-day free trial $9.99 / node / month No credit card required
ftagent: nyc-edge-01
09:41:02Agent started on eth0 · threshold 10,000 PPS
09:41:03Remote config: 8 IOC patterns loaded
09:44:17PPS=1,204 BPS=42Mbps NORMAL
09:44:18PPS=8,409 BPS=290Mbps ELEVATED
09:44:19PPS=47,821 BPS=1.7Gbps ATTACK DETECTED
09:44:19Incident opened · UUID: a3f7c2b1
09:44:19PCAP capture started · IOC: UDP Flood
09:44:20FlowSpec rule deployed · rate-limit UDP/53
09:44:20Alert fired · Discord · Slack · PagerDuty
09:48:02Attack mitigated · 3m43s · PCAP uploaded
09:48:02_
47,821Peak PPS
1.7GbpsPeak BPS
< 1sDetect Time
SYN Flood detected·nyc-edge-01·47,821 PPS
IOC match·mirai-variant·confidence 94%
Attack resolved·lon-cdn-02·3m 41s duration
DNS Amplification·fra-core-01·Peak 220Gbps
PCAP captured·tok-edge-01·10,000 packets
Botnet detected·syd-relay-03·3,241 source IPs
Baseline updated·ams-proxy-02·p99 = 2,100 PPS
HTTP Flood·sfo-api-01·92,000 req/s
Alert sent·all nodes·Discord · Slack · PD
FlowSpec deployed·fra-core-01·rate-limit UDP/53
Cloud scrub active·lon-cdn-02·Cloudflare Magic Transit
SYN Flood detected·nyc-edge-01·47,821 PPS
IOC match·mirai-variant·confidence 94%
Attack resolved·lon-cdn-02·3m 41s duration
DNS Amplification·fra-core-01·Peak 220Gbps
PCAP captured·tok-edge-01·10,000 packets
Botnet detected·syd-relay-03·3,241 source IPs
Baseline updated·ams-proxy-02·p99 = 2,100 PPS
HTTP Flood·sfo-api-01·92,000 req/s
Alert sent·all nodes·Discord · Slack · PD
FlowSpec deployed·fra-core-01·rate-limit UDP/53
Cloud scrub active·lon-cdn-02·Cloudflare Magic Transit

How It Works

Up and running in four steps

From install to first mitigation in under five minutes. No manual threshold tuning needed.

01 / INSTALL

Deploy the Agent

Two commands. The FTAgent installs on any Linux server, reads packets directly from the NIC, and connects to your Flowtriq workspace.

pip install ftagent
sudo ftagent --setup
02 / DETECT

Detect & Classify

Flowtriq learns your baseline, then detects and classifies attacks (UDP flood, SYN flood, DNS amp, HTTP flood) with confidence scoring and IOC matching.

03 / MITIGATE

Auto-Mitigate

BGP FlowSpec rate-limits, RTBH blackholes, and cloud scrubbing deploy automatically based on escalation policies you define. No manual intervention.

04 / ALERT

Alert & Report

Alerts fire to Discord, Slack, PagerDuty, email, or SMS within a second. Full PCAP forensics capture every attack for post-incident analysis.

Features

Built for infrastructure teams
who run real servers.

Purpose-built for NOC teams, hosting providers, game server operators, and infrastructure engineers who need detection, mitigation, and clarity during an attack — not noise.

Sub-Second Detection

Traffic is sampled every second. Attacks are detected the moment they start, not minutes later on a polling interval.

Learn more →

Auto-Mitigation

BGP FlowSpec rate-limits, RTBH blackholes, and cloud scrubbing deploy automatically via escalation policies you define.

Learn more →

Attack Classification

Automatically identifies UDP floods, SYN floods, HTTP floods, ICMP floods, DNS amplification, and multi-vector attacks.

Learn more →

Full Packet Capture

PCAP files include pre-attack traffic so you can see the ramp-up. Stream captures to the dashboard during active attacks.

Learn more →

IOC Pattern Matching

Identify known botnets like Mirai and LOIC by matching packet payloads against built-in and custom indicator patterns.

Learn more →

Multi-Channel Alerts

Route alerts to Discord, Slack, PagerDuty, OpsGenie, SMS, email, or webhooks. Configure per-severity escalation policies.

Learn more →

Dynamic Baselines

Learns your normal traffic patterns and auto-adjusts thresholds continuously. No manual tuning or guesswork required.

Learn more →

Cloud Scrubbing

Trigger Cloudflare Magic Transit, OVH VAC, or Hetzner DDoS protection automatically when attacks escalate beyond BGP.

Learn more →

Immutable Audit Log

Every action is logged: incidents opened, PCAPs downloaded, mitigation rules deployed, API keys rotated. Full accountability.

Learn more →
See all features →
< 1s
Detect & mitigate
4
Escalation levels
8
Attack types classified
100%
Packet-level visibility

Integrations

Works with your stack

Connect to the tools your team already uses. Alerts, mitigation rules, cloud scrubbing, and reporting fire automatically when attacks hit.

Cloudflare
Scrubbing + WAF
BGP / ExaBGP
FlowSpec & RTBH
Discord
Attack Alerts
Slack
Attack Alerts
PagerDuty
On-Call Escalation
OpsGenie
Alert Management
SMS
Text Alerts
Webhooks
Custom Automation
Configure integrations in your dashboard

Pricing

Simple, honest pricing

Flat per-node pricing. No traffic-volume surcharges, no per-alert fees, no seat limits.

Per Node
$9.99/node/mo

Everything you need, billed by the server. Scale up or down instantly.

  • Unlimited incidents per node
  • Auto-mitigation (BGP + cloud scrub)
  • PCAP capture (7-day retention)
  • All 7+ alert channels
  • Full attack classification
  • 7-day free trial
Start Free Trial
Enterprise
Custom

Volume discounts, dedicated support, PCAP retention up to 365 days, SSO, and SLA guarantees.

  • Everything in Per Node
  • Volume pricing (50+ nodes)
  • 365-day PCAP retention
  • Dedicated Slack channel
  • Custom IOC library
  • 99.9% uptime SLA
Talk to Sales →
View full pricing details →

FAQ

Frequently asked questions

What is Flowtriq?

Flowtriq is a real-time DDoS detection and auto-mitigation platform. It installs as a lightweight agent on your Linux servers, monitors every packet, classifies attack types (SYN flood, UDP amplification, DNS reflection, etc.), and can automatically deploy BGP FlowSpec rules, RTBH, or trigger cloud scrubbing — all within one second of detection.

How does Flowtriq detect DDoS attacks?

Flowtriq monitors network traffic in real time using per-packet inspection. It learns your normal traffic baseline, then detects anomalies like sudden spikes in packets-per-second, unusual protocol distributions, or known attack signatures. It classifies attacks into specific types and alerts your team within one second.

How much does Flowtriq cost?

$9.99 per node per month, or $7.99/node/mo on an annual plan. No per-seat charges, no traffic-volume surcharges, no per-alert fees. Every plan includes unlimited incidents, all alert channels, PCAP capture, and auto-mitigation. A 7-day free trial is available with no credit card required.

What alert channels does Flowtriq support?

Discord, Slack, email, SMS, PagerDuty, OpsGenie, and custom webhooks. Alerts fire within one second of detection and include attack type, severity, packets-per-second, and affected node details.

Does Flowtriq offer auto-mitigation?

Yes. Flowtriq can automatically deploy BGP FlowSpec rules, RTBH routing, or trigger cloud scrubbing when an attack is detected. You can configure mitigation rules with thresholds, cooldowns, and specific attack type triggers from the dashboard.

How long does it take to set up?

Under two minutes. Run pip install ftagent, then sudo ftagent --setup with your API key. The agent immediately begins monitoring traffic. You'll see data in your dashboard within seconds of installation.

What is PCAP capture?

When Flowtriq detects an attack, it automatically captures raw packet data (PCAP) for forensic analysis. Download captures from the dashboard, filter by protocol and time range, and use them with tools like Wireshark. Retention is 7 days on standard plans, up to 365 days on enterprise.

Can I monitor multiple servers?

Yes. Install the agent on as many servers as you need and manage them all from one dashboard. Each node is billed independently. You can organize servers into separate workspaces for different teams or clients.

Get Started

Your servers are under attack right now.
Would you know? Would they survive?

Install the agent in two minutes. Get real-time DDoS detection and auto-mitigation free for 7 days. No credit card, no commitment.

Start Free Trial → Read the Docs