
Free Tool

BGP FlowSpec Rule Builder

Generate BGP FlowSpec rules for surgical DDoS traffic filtering. Define match criteria, select actions, and export ready-to-use configurations for ExaBGP, BIRD, GoBGP, or Cisco IOS-XR.

What is BGP FlowSpec?

BGP FlowSpec (RFC 5575) distributes traffic filtering rules via BGP. Instead of blackholing entire prefixes (RTBH), FlowSpec lets you surgically drop, rate-limit, or redirect specific traffic patterns: filtering by source/destination IP, protocol, port, packet length, DSCP, and TCP flags.

Production Warning: Always test FlowSpec rules in a lab environment first. Incorrect rules can inadvertently block legitimate traffic. Ensure your upstream provider supports FlowSpec and validate rules match your intended traffic patterns before deployment.

FlowSpec Match Types

Destination Prefix

The target IP or subnet being attacked. Usually your own prefix (e.g., 203.0.113.0/24). Required for most FlowSpec implementations.

Source Prefix

Filter by source IP or subnet of the attacker. Useful for known botnets or spoofed source ranges. Leave empty to match any source.

Protocol & Port

Match on IP protocol (TCP, UDP, ICMP) and destination/source port numbers. Essential for filtering amplification attacks targeting specific services.

Packet Length

Filter by IP packet size. Amplification attacks often have characteristic packet sizes (e.g., DNS responses >512 bytes, NTP monlist >440 bytes).

TCP Flags

Match specific TCP flag combinations: SYN, ACK, FIN, RST, PSH, URG. Critical for identifying SYN floods (SYN without ACK) or malformed packets.

Actions

Drop discards matching packets. Rate-limit throttles traffic to a specified bps. Redirect sends traffic to a scrubbing VRF for inspection.
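
The match components above can be checked against labelled sample traffic before a rule is announced, which is the validation the production warning asks for. This is an added example, not Flowtriq's code or the builder's output: the `Rule` model, the helper names and the sample flows are constructed for illustration, and it evaluates matching only (it emits no router configuration).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """Hypothetical rule model for this example; None/empty means 'match any'."""
    dst: str
    src: Optional[str] = None
    proto: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    longer_than: Optional[int] = None     # IP packet length in bytes
    flags_set: frozenset = frozenset()    # TCP flags that must be present
    flags_clear: frozenset = frozenset()  # TCP flags that must be absent

def matches(rule, pkt):
    """A packet matches only if every component the rule specifies matches."""
    return all([
        ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst),
        rule.src is None or ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src),
        rule.proto is None or pkt["proto"] == rule.proto,
        rule.src_port is None or pkt["sport"] == rule.src_port,
        rule.dst_port is None or pkt["dport"] == rule.dst_port,
        rule.longer_than is None or pkt["len"] > rule.longer_than,
        rule.flags_set <= pkt["flags"] and not (rule.flags_clear & pkt["flags"]),
    ])

def evaluate(rule, flows):
    """Return (attack flows caught, legitimate flows hit) for labelled samples."""
    hit = [f for f in flows if matches(rule, f)]
    return ([f["name"] for f in hit if f["attack"]],
            [f["name"] for f in hit if not f["attack"]])

def flow(name, attack, src, proto, sport, dport, length, flags=()):
    return dict(name=name, attack=attack, src=src, dst="203.0.113.10", proto=proto,
                sport=sport, dport=dport, len=length, flags=frozenset(flags))

# Constructed sample flows using documentation address ranges, not captured traffic.
FLOWS = [
    flow("ntp-monlist-reply", True, "198.51.100.7", "udp", 123, 41000, 468),
    flow("ntp-time-reply", False, "192.0.2.50", "udp", 123, 41001, 76),
    flow("syn-flood", True, "198.51.100.9", "tcp", 50000, 443, 40, {"SYN"}),
    flow("https-new-conn", False, "192.0.2.60", "tcp", 50001, 443, 60, {"SYN"}),
]
NET = "203.0.113.0/24"
BROAD_NTP = Rule(NET, proto="udp", src_port=123)
NARROW_NTP = Rule(NET, proto="udp", src_port=123, longer_than=440)
SYN_ONLY = Rule(NET, proto="tcp", dst_port=443,
                flags_set=frozenset({"SYN"}), flags_clear=frozenset({"ACK"}))
```

`evaluate(BROAD_NTP, FLOWS)` shows the port-only rule also hitting the ordinary 76-byte time reply, while `NARROW_NTP` with the packet-length component catches only the oversized reply. `SYN_ONLY` cannot tell the flood SYN from a new legitimate connection, which is the case where rate-limit is the safer action than drop.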

Automate FlowSpec with Flowtriq

Flowtriq automatically generates and deploys FlowSpec rules when attacks are detected: no manual configuration needed. Our 4-level auto-escalation moves from local firewall to FlowSpec to RTBH to cloud scrubbing in seconds.


FAQ

Frequently Asked Questions

What is BGP FlowSpec and how does it stop DDoS attacks?

BGP FlowSpec (RFC 5575) advertises traffic filtering rules via BGP, installing packet-matching conditions (source/dest IP, protocol, port, length) directly on upstream routers. Traffic is dropped or rate-limited before reaching your network — unlike RTBH which drops everything to a prefix.

Which routers support BGP FlowSpec?

Cisco IOS-XR, Juniper JunOS, Arista EOS, ExaBGP, GoBGP, BIRD 2, and FRRouting all support FlowSpec. ExaBGP is the most common choice for DDoS mitigation due to its API-driven automation and Python scripting support.

What is the difference between BGP FlowSpec and RTBH?

RTBH (Remote Triggered Black Hole) drops all traffic to a destination prefix — a blunt instrument that takes the victim offline. FlowSpec is surgical: match 5-tuple conditions and apply rate-limiting or dropping to specific malicious flows while keeping legitimate traffic online.