
Mitigating Pulsing DDoS Attack with Flow Grouping and Latency Randomization

Advisor: 葉丙成
Co-advisor: 蕭旭君 (Hsu-Chun Hsiao)

Abstract


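A pulsing distributed denial-of-service (DDoS) attack aggregates low-rate flows from different sources into a short traffic pulse; for some dynamic networks, its effect is comparable to that of a flooding attack. However, a heterogeneous network is composed of devices with different computing resources, and the defense mechanisms proposed in prior research must all be deployed on devices with strong computing power in order to monitor and mitigate the attack. As a result, devices with weaker computing power cannot deploy these defenses against pulsing DDoS attacks. We therefore propose a defense mechanism named FLARE, in which devices with strong computing power cooperate to protect all network devices in a heterogeneous network. Specifically, FLARE has three phases. In the first phase, devices with strong computing power group flows that have the same estimated arrival time at the victim; this information is exchanged to identify suspicious groups. In the second phase, FLARE modifies the path latency of flows in groups marked as suspicious, to break the time synchronization established by the attacker. In the third phase, FLARE monitors the suspicious flows it catches, finds those that are caught repeatedly, marks them as malicious, and blocks their access for a period of time. We further extend FLARE into three models that trade off pulse-detection delay against required computing resources. Experimental results show an overall flow-grouping accuracy of 92%, and an average mis-blocking ratio below 1% after four pulses.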

Parallel Abstract


A pulsing DDoS attack produces the effect of persistent flooding on many Internet services that dynamically adjust their settings. Such an attack sends a short traffic pulse built from low-rate traffic from many bot sources. Prior research proposed defense algorithms that run on a network device with powerful computing resources to monitor and mitigate such attacks. However, a heterogeneous network consisting of devices with diverse computing resources may be unable to deploy such defense algorithms on a resource-constrained device. Instead of adapting the prior defense approach to fit devices with diverse computing resources, we propose a defense approach named FLARE in which powerful computing devices collaborate to protect resource-constrained devices. FLARE exchanges traffic information between powerful computing devices to find the flows that intend to participate in constructing pulses at the victim, and then blocks their access to the network. Specifically, FLARE has three phases. First, powerful devices group flows with the same estimated arrival time at the victim and exchange these groups to identify suspicious ones. Second, FLARE randomizes the path latency of a suspicious group to disrupt time synchronization between bots. Third, with those phases running continuously, FLARE considers suspicious flows that are repeatedly caught to be malicious and blocks them for a period of time. We further extend FLARE into three models with trade-offs between detection delay and required computing resources. Our experimental results show an overall accuracy of 92% on grouping flows and a mis-blocking ratio under 1% after four pulses.
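The three phases described in the abstract, as a small simulation added here for illustration; it is not the thesis's code, and FLARE's actual algorithms are not given on this page. The 10 ms window, the group-size threshold of 50, the 500 ms delay bound, the "flagged in every pulse" blocking rule and the constructed flow sets are all assumptions.

```python
import random
from collections import Counter

WINDOW_MS = 10  # assumed bucket width for "same estimated arrival time"

def bucket(t_ms):
    return int(t_ms // WINDOW_MS)

def peak(arrivals_ms):
    """Most packets reaching the victim within any single window."""
    return max(Counter(bucket(t) for t in arrivals_ms).values())

def suspicious_flows(flows, threshold):
    """Phase 1 (simplified): group flows by estimated arrival, flag large groups."""
    groups = {}
    for fid, send_ms, path_ms in flows:
        groups.setdefault(bucket(send_ms + path_ms), set()).add(fid)
    return set().union(*(g for g in groups.values() if len(g) >= threshold))

def randomized_arrivals(flows, flagged, max_extra_ms, rng):
    """Phase 2 (simplified): add a random delay to each flagged flow's path."""
    return [s + p + (rng.uniform(0, max_extra_ms) if fid in flagged else 0.0)
            for fid, s, p in flows]

def simulate(pulses=4, seed=7):
    rng = random.Random(seed)
    # Constructed sample: 200 bots, each with its own integer path latency (ms).
    lat = {f"bot{i}": rng.randint(20, 200) for i in range(200)}
    hits, result = Counter(), []
    for _ in range(pulses):
        # Each bot sends early by its path latency, so all arrive at t = 1000 ms.
        flows = [(fid, 1000 - l, l) for fid, l in lat.items()]
        # Constructed benign flows with unsynchronized send times.
        flows += [(f"ok{i}", rng.uniform(0, 2000), rng.randint(20, 200))
                  for i in range(200)]
        flagged = suspicious_flows(flows, threshold=50)  # assumed threshold
        hits.update(flagged)
        before = peak(s + p for _, s, p in flows)
        after = peak(randomized_arrivals(flows, flagged, 500, rng))
        result.append((before, after))
    # Phase 3 (simplified): block only flows flagged in every pulse, so a benign
    # flow that shared the pulse window once is not blocked.
    blocked = {fid for fid, n in hits.items() if n == pulses}
    return result, blocked

if __name__ == "__main__":
    per_pulse, blocked = simulate()
    print(per_pulse, len(blocked))
```

Each `(before, after)` pair is the victim's peak per-window arrival count without and with the added delay; a benign flow that lands in the pulse window is delayed once as collateral but does not recur, which is why blocking waits for repeated catches.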
