Preventing an ddos atack on mikrotik router

the_time · Sun Sep 26, 2004 5:26 pm

Hello,
I need some help before some days I have an atack on mikrotik router and evrything goes down now it sems to be an ddos atack does anybody know any way to defend or prevent these kind of atacks.
Thanks

RobClem · Mon Sep 27, 2004 10:48 am

I also am getting DOS attacks on my network - they are from random addresses on random ports!!!!
I setup a 2k queue for all ICMP traffic and this seems to have helped. It drops some ICMP traffic during busy periods but all other traffic seems to work fine....

changeip · Mon Sep 27, 2004 5:32 pm

I've created a SynFlood firewall chain that I pass things thru. I believe this is working, but not 100% sure it's the optimal values:

 0   in-interface=level3.1 protocol=tcp tcp-options=syn-only limit-count=100 limit-burst=5 limit-time=1s action=return 

 1   in-interface=level3.1 protocol=tcp tcp-options=syn-only action=drop

the_time · Mon Sep 27, 2004 8:03 pm

so i've creat a new chain with name "SynFlood" then i create this

0   src-address=0.0.0.0/0:0-65535 in-interface=all
    dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=tcp
    icmp-options=any:any tcp-options=syn-only connection-state=any flow=""
    connection="" content="" src-mac-address=00:00:00:00:00:00
    limit-count=100 limit-burst=5 limit-time=1s action=return log=no

1   src-address=0.0.0.0/0:0-65535 in-interface=all
    dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=tcp
    icmp-options=any:any tcp-options=syn-only connection-state=any flow=""
    connection="" content="" src-mac-address=00:00:00:00:00:00
    limit-count=0 limit-burst=0 limit-time=0s action=drop log=no

is that ok

Preventing an ddos atack on mikrotik router

Preventing an ddos atack on mikrotik router

Who is online