We are a wireless ISP with about 8000 subs and we have gotten hit with quite a few DDOS attacks. Most of these have been initiated by someone attempting to boot one of our customers off of call of duty. We currently have CCR1072s at the core and I was wondering if anyone had an effective scripts for the Mikotiks that would stop or at least detect the destination IP so I can put it in an address list.We have detection rules in place using the limit rules but they don't appear to be working.
Or do you guys have any other type of solutions that you have had success with? Like an Aruba appliance or something like that?