rodrigobenta
newbie
Topic Author
Posts: 28
Joined: Wed Sep 13, 2017 10:55 pm

DDos Attack (?

Mon Feb 10, 2020 9:06 pm

Hi everyone, hope you are doing great!
I have posted a few times before, and I'm very grateful to the community that helped a noob with this MikroTik system.
I consider myself a noob because there's always something new to learn.

This time I'm suffering an attack that causes my Rx packets to go high. I manually blocked some of the attacking IPs with a simple torch on the WAN ether and by adding them to a blacklist.
But adding bot IPs every day is really annoying!

So now I came here to find out if there's some way to add them to my blacklist automatically.
I don't know which port they are attacking, because I closed port 443, which was open on my router, and I manage the router via PPTP.
I blocked "allow dns request" too.
It seems that they are simply attacking my public static IP.

I have read almost everything on the web.

So please, can someone help me?
Thank you so much for your time.
 
msatter
Forum Guru
Posts: 2942
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: DDos Attack (?

Mon Feb 10, 2020 9:42 pm

viewtopic.php?f=2&t=152953

You should watch in connections what addresses they come from and which ports are targeted.

The working I used worked great for me and if you see the same then try my suggestion.
 
rodrigobenta
newbie
Topic Author
Posts: 28
Joined: Wed Sep 13, 2017 10:55 pm

Re: DDos Attack (?

Mon Feb 10, 2020 10:19 pm

> viewtopic.php?f=2&t=152953
>
> You should watch in connections what addresses they come from and which ports are targeted.
>
> The working I used worked great for me and if you see the same then try my suggestion.

It seems he is scanning all my network's IPs, trying to attack, and making my network collapse.
Can you help me with any idea? I blocked some of these IPs, but I continue to have problems with packets in my network!
Thank you so much.
 
tippenring
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO

Re: DDos Attack (?

Mon Feb 10, 2020 10:43 pm

In most cases, you have to go to your upstream provider for assistance with a DDoS-type of attack. Even if you're dropping the packets, they still consume your bandwidth to get to your router, so your circuit is still saturated.

You might consider why your network is being attacked. For example, if you're hosting a popular or controversial webserver, you might want to move it behind a DDoS-mitigation service like Cloudflare.
 
rodrigobenta
newbie
Topic Author
Posts: 28
Joined: Wed Sep 13, 2017 10:55 pm

Re: DDos Attack (?

Mon Feb 10, 2020 10:50 pm

> In most cases, you have to go to your upstream provider for assistance with a DDoS-type of attack. Even if you're dropping the packets, they still consume your bandwidth to get to your router, so your circuit is still saturated.
>
> You might consider why your network is being attacked. For example, if you're hosting a popular or controversial webserver, you might want to move it behind a DDoS-mitigation service like Cloudflare.

Hello. Yes, now it seems that they are port scanning my network's PCs! They have never gone so far. I always stopped the attacks with a simple port scanner rule.
I should mention that I have a web page on the server. I opened ports 443 and 80 for it, but I disabled them temporarily and the scan continues!

So, is it an attack from outside? Or maybe he is now in my network?

This is an example of the attack:

23.208.182.228:80 -> (my public ip ->192.168.10.70:xxxx)

Thanks
 
tippenring
Member
Posts: 304
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO

Re: DDos Attack (?

Tue Feb 11, 2020 12:46 am

> Hello. Yes, now it seems that they are port scanning my network's PCs! They have never gone so far. I always stopped the attacks with a simple port scanner rule.
> I should mention that I have a web page on the server. I opened ports 443 and 80 for it, but I disabled them temporarily and the scan continues!
>
> So, is it an attack from outside? Or maybe he is now in my network?
>
> This is an example of the attack:
>
> 23.208.182.228:80 -> (my public ip ->192.168.10.70:xxxx)
>
> Thanks

Without seeing the full logs, it is hard to say what your current condition is. It appears that you have some inbound NAT rules permitting outside traffic to reach 192.168.10.70 at the very least. This may or may not be expected traffic. You have to decide what is expected traffic. People scan the internet all the time. That traffic is to be expected.

I think you're probably in over your head and should consider consulting someone that can help you more directly and immediately. If your network is compromised, going back and forth on an internet forum is not a good way to mitigate the attack.
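
An added example, not part of any post in this thread: one way to do the tallying suggested above (which addresses the traffic comes from, which ports it targets) over connection lines written in the `remote:port -> local:port` form quoted in the thread. The sample lines, the function names, the 1024 port cut-off and the three-port threshold are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines; remote addresses are RFC 5737 documentation ranges,
# 192.168.10.70 is the LAN host mentioned in the thread.
SAMPLE = """\
198.51.100.7:80 -> 192.168.10.70:51544
198.51.100.7:80 -> 192.168.10.70:51545
203.0.113.9:40112 -> 192.168.10.70:443
203.0.113.9:40113 -> 192.168.10.70:22
203.0.113.9:40114 -> 192.168.10.70:3389
203.0.113.50:55001 -> 192.168.10.70:443
"""

LINE = re.compile(r"^\s*(\d+(?:\.\d+){3}):(\d+)\s*->\s*(\d+(?:\.\d+){3}):(\d+)\s*$")

def parse(text):
    """Yield (remote_ip, remote_port, local_ip, local_port); skip unparsable lines."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def summarize(text, scan_threshold=3):
    """Tally remote addresses and targeted local ports; set likely replies aside."""
    by_remote = Counter()
    targeted = {}              # remote_ip -> set of local ports it reached
    likely_replies = Counter()
    for rip, rport, _lip, lport in parse(text):
        by_remote[rip] += 1
        if rport < 1024 <= lport:
            # Heuristic (assumption): remote service port to local high port is
            # usually the return half of a connection a LAN host opened itself.
            likely_replies[rip] += 1
        else:
            targeted.setdefault(rip, set()).add(lport)
    multi_port = sorted(ip for ip, ports in targeted.items()
                        if len(ports) >= scan_threshold)
    return {"by_remote": by_remote, "targeted": targeted,
            "likely_replies": likely_replies, "multi_port": multi_port}

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print("connections per remote:", dict(result["by_remote"]))
    print("likely reply traffic:  ", dict(result["likely_replies"]))
    print("ports reached:         ", result["targeted"])
    print("many distinct ports:   ", result["multi_port"])
```

Only the addresses listed under "many distinct ports" are candidates for a blacklist; flows counted as likely replies point to checking what the LAN host itself is connecting to.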