Two deployment modes | VyOS 1.3 + 1.4 | 5 min setup

DDoS Detection for VyOS

VyOS is Debian-based, so you have a choice: install ftagent directly on the router for sub-second detection, or export NetFlow to an external host to keep the router lightweight. Both give you real-time DDoS detection, attack classification, and automated mitigation.

Deployment

Two ways to deploy

NetFlow Export

Export NetFlow from VyOS to an external Linux host running ftagent. Keeps the router clean and offloads all analysis.

  • Zero software installed on the router
  • All processing on external host
  • Built-in VyOS flow-accounting
  • Supports NetFlow v5, v9, and IPFIX
  • 15-60 second detection latency
  • No PCAP capture from router

Architecture: Direct Install vs NetFlow

Direct Install Mode: VyOS + ftagent (agent runs on router) → Flowtriq Dashboard (detection + alerts + mitigation)

NetFlow Export Mode: VyOS (flow-accounting) → NetFlow Export (UDP v5/v9/IPFIX) → ftagent (external Linux host) → Flowtriq Dashboard (detection + alerts + mitigation)

Setup

Get started in three steps

1. Choose your mode

Direct install for sub-second detection and PCAP captures. NetFlow export to keep VyOS lightweight. Use our config generator to get exact commands for either mode.

2. Install and configure

Direct: pip install ftagent && sudo ftagent --setup on VyOS.
NetFlow: Configure VyOS flow-accounting in CLI and install ftagent on your external Linux host.

3. See attacks in your dashboard

Traffic data appears in Flowtriq within minutes. Baselines build automatically. Attacks are detected, classified, and trigger your configured alert channels and mitigation policies.


Comparison

Direct install vs NetFlow export

| Feature | Direct Install | NetFlow Export |
| --- | --- | --- |
| Detection latency | Under 1 second | 15-60 seconds |
| PCAP capture | Yes | No |
| On-router firewall rules | Yes (iptables) | External host only |
| Software on router | ftagent (Python, ~100 MB RAM) | None |
| External server needed | No | Yes (any Linux host) |
| Attack classification | Full (7+ families) | Full (7+ families) |
| BGP FlowSpec / RTBH | | |
| Best for | Routers under 1 Gbps | High-throughput or minimal-footprint |

Capabilities

What you get with this integration

Real-Time Attack Detection

Flowtriq detects volumetric DDoS attacks by analyzing traffic patterns on your VyOS router. Dynamic baselines learn your normal traffic and alert on anomalies.
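As an added illustration (not Flowtriq's code or algorithm), the sketch below shows what baseline-driven detection over exported flow data involves: it parses NetFlow v5 datagrams and flags destinations whose per-interval packet count far exceeds a learned average. The EWMA model, the alpha/factor/floor constants, the helper names and the documentation-range addresses are all assumptions.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # NetFlow v5 header, 24 bytes
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # NetFlow v5 flow record, 48 bytes

def parse_v5(datagram):
    """Return (dst_ip, packets, octets) per flow record in one v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("truncated header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append((socket.inet_ntoa(f[1]), f[5], f[6]))  # dstaddr, dPkts, dOctets
    return flows

class Baseline:
    """Per-destination EWMA of packets per interval (assumed model and constants)."""
    def __init__(self, alpha=0.2, factor=5.0, floor=1000):
        self.alpha, self.factor, self.floor = alpha, factor, floor
        self.mean = {}

    def observe(self, flows):
        """Feed one export interval; return destinations far above their baseline."""
        totals = Counter()
        for dst, pkts, _ in flows:
            totals[dst] += pkts
        alerts = []
        for dst, pkts in totals.items():
            mean = self.mean.get(dst)
            if mean is not None and pkts > max(self.floor, self.factor * mean):
                alerts.append(dst)  # anomalous interval: keep it out of the baseline
            else:  # first sighting seeds the mean, later ones update the EWMA
                prev = pkts if mean is None else mean
                self.mean[dst] = (1 - self.alpha) * prev + self.alpha * pkts
        return sorted(alerts)

def make_v5(flows):
    """Build a constructed v5 datagram from (src, dst, packets, octets) tuples."""
    recs = [RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0" * 4, 0, 0, p, o,
                        0, 0, 0, 0, 0, 0, 17, 0, 0, 0, 0, 0, 0) for s, d, p, o in flows]
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)
```

The first interval seen for a destination only seeds its baseline, so a destination needs some learning time before it can alert. If the exporter samples packets, scale the counts by the sampling rate before feeding them in.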

Attack Classification

Every detected attack is classified: SYN floods, UDP amplification, DNS reflection, NTP monlist, ICMP floods, GRE floods, fragmentation attacks, and more.

BGP Mitigation

Trigger BGP FlowSpec rules or RTBH blackholes automatically when attacks are detected. Works with your existing BGP speakers and upstream providers.

Multi-Channel Alerting

Get notified instantly via Discord, Slack, PagerDuty, OpsGenie, email, SMS, or webhooks. Alert messages include attack type, target IP, and traffic volume.

Protect your VyOS network today

Real-time DDoS detection and automated mitigation starting at $9.99/node/month. Free 14-day trial with no credit card required.

Built by the team behind CVE-2024-45163 | Trusted by ISPs and hosting providers worldwide

FAQ

Frequently Asked Questions

Can ftagent run directly on VyOS?

Yes. VyOS is Debian-based Linux, so ftagent installs natively. Run pip install ftagent or use the one-line installer. This gives you sub-second detection, PCAP capture, and on-router firewall rules.

When should I use NetFlow mode instead of direct install?

Use NetFlow mode when you do not want to install additional software on your router, when you want to keep the router as lightweight as possible, or when your VyOS instance is a virtual appliance with limited resources. NetFlow mode offloads all processing to an external Linux host.

What VyOS versions are supported?

Both modes work on VyOS 1.3 (equuleus) and VyOS 1.4 (sagitta). The direct install mode requires Python 3.8+, which is included in both versions. NetFlow export uses VyOS's built-in flow-accounting, which is available in all recent releases.

Does ftagent affect VyOS routing performance?

ftagent reads kernel-level network counters and uses minimal CPU (under 1%). For routers handling high PPS, the NetFlow mode is safer because all analysis happens on a separate machine. For most deployments under 1 Gbps, direct install has no measurable impact on forwarding performance.

Can Flowtriq deploy firewall rules on VyOS?

In direct install mode, ftagent deploys iptables rules on the VyOS router itself to drop attack traffic. In NetFlow mode, ftagent deploys rules on the external Linux host where it runs, or triggers BGP FlowSpec, RTBH, or cloud scrubbing via API.

Does VyOS support NetFlow v9 and IPFIX?

Yes. VyOS flow-accounting supports NetFlow v5, v9, and IPFIX. Flowtriq accepts all three. We recommend NetFlow v9 for the best balance of compatibility and detail.