FastNetMon can detect these attack only if you set thresholds for them using following available thresholds
That’s only available detection logic. sFlow, Netflow and even SPAN offer exactly same detection capabilities. There are no differences between them.
Flow spec mode is not a magic, it’s just more flexible detection engine which runs after attack detection via threshold specified by you. After that, it tried to find anomalies. That’s how it can defend agains amplification attack types or any kind of L3 / L4 attacks.