Detection, Mitigation & Response

Detect and mitigate DDoS attacks in under 1 second, respond automatically, and keep your users informed.

All features →

1-Second Detection

Know the instant traffic spikes. PPS checked every second.

Attack Classification

Identifies 7 attack families with protocol-level confidence scores.

Node Firewall Rules

Per-server iptables, null-routes, CDN rules & scripts.

Cloud Scrubbing

Auto-divert to Cloudflare, OVH, or Hetzner on attack detection.

Auto-deploy FlowSpec, RTBH blackhole & rate-limiting via BGP.

Multi-Channel Alerts

Discord, Slack, PagerDuty, OpsGenie, SMS, email, webhooks.

Full packet capture with AI-powered forensic analysis.

Layer 7 Detection

HTTP flood, credential stuffing, API abuse & bot detection.

Automated Runbooks

Chain mitigation steps into automated incident response playbooks.

Analytics Baselines Threat Intel & IOC Multi-Node Status Pages Correlation Audit Log Attack Profiles Flow Collection Mirror / SPAN Mode

Who Uses Flowtriq

From indie hosts to ISPs, see how teams like yours use Flowtriq to detect and stop DDoS attacks.

All Use Cases → Talk to Us →

Infrastructure

Hosting Providers ISPs MSPs/MSSPs Small Operators Routers Edge Node Defense Proxy Providers VPN Providers

Gaming & Entertainment

Game Server Hosting Game Studios Esports Platforms iGaming & Sportsbooks

Business & Emerging

SaaS Platforms E-Commerce Financial Services Compliance VoIP & Cloud Calling GPU & AI Cloud

Home Features › Detection › Classification › Firewall Rules › Attack Profiles › Flow Collection › Mirror / SPAN Mode › Cloud Scrubbing › BGP Mitigation › IOC Matching › Alerts › PCAP Capture › Layer 7 Detection › Status Pages › Analytics › Baselines › Threat Intel Use Cases › All Use Cases › Hosting Providers › ISPs › MSPs › Small Operators › Routers › Edge Node Defense › Proxy Providers › VPN Providers › Game Server Hosting › Game Studios › Esports Platforms › iGaming & Sportsbooks › SaaS Platforms › E-Commerce › Financial Services › Compliance › VoIP & Cloud Calling › GPU & AI Cloud Pricing › Managed Protection University › Hackathon Sponsorships Resources › About › Documentation Whitelabel / Reseller Certifications Trust Center Pay with Crypto State of DDoS 2026 Blog Contact

Sign In Start Free Trial

Blog

Attack postmortems.
Engineering deep-dives.

Practical guides from engineers who've been DDoS'd and learned from it.

All Post-Mortem Attack Analysis Original Research Engineering Forensics Integrations Mitigations Fundamentals Tools Comparisons

Get attack analysis in your inbox

Monthly postmortems, detection techniques, and original research. No fluff.

We stopped a 48 Gbps attack during a live event: full technical breakdown

NTP amplification reflector distribution, SYN flood source analysis, the FlowSpec rules that fired, PCAP forensics, and a second-by-second timeline of the March 27 Lorikeet Security incident....

Apr 26, 2026 · 15 min read →

How Lorikeet Security stopped a live DDoS attack mid-training, without dropping a single student

When a multi-vector DDoS attack hit Lorikeet Security's live cybersecurity training event mid-session, Flowtriq detected it in 0.9 seconds, ...

Apr 23, 2026 · 12 min read →

OVHcloud 2024: 840 million packets per second and the MikroTik problem

How compromised MikroTik routers were weaponized for packet-rate attacks peaking at 840 Mpps, why PPS matters more than bandwidth, and what ...

Mar 16, 2026 · 13 min read →

HTTP/2 Rapid Reset: the zero-day that hit 398M requests per second

CVE-2023-44487 exploited HTTP/2 stream multiplexing to generate the largest application-layer DDoS ever recorded. Three of the world's bigge...

Mar 15, 2026 · 13 min read →

AWS 2020: dissecting the 2.3 Tbps CLDAP reflection attack

A technical post-mortem of the February 2020 CLDAP reflection attack: 2.3 Tbps of amplified traffic via UDP port 389 and the protocol mechan...

Mar 15, 2026 · 12 min read →

GitHub 2018: inside the 1.35 Tbps memcached DDoS that changed everything

How a 15-byte UDP request to exposed memcached servers generated 1.35 Tbps of amplified traffic, no botnet required. The attack that forced ...

Mar 14, 2026 · 14 min read →

Dyn 2016: how 100,000 IoT devices took down half the internet

Three waves of DNS query floods from a Mirai botnet brought Dyn's managed DNS to its knees, taking Twitter, Netflix, Reddit, and Spotify off...

Mar 14, 2026 · 15 min read →