derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

mikrotik tcp connection limit reject or drop

Tue Mar 23, 2010 8:42 pm

I've run into, on at least two occasions, a situation where a customer has reached my TCP connection limit and the connections to them never drop. They stay active in the firewall connections area.


Right now I have the action set to reject with tcp-reset. Is that incorrect? Should I be using drop instead? The default timeout values place a drop at 60 seconds; the tcp-reset should be instantaneous, shouldn't it?
 
derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

Re: mikrotik tcp connection limit reject or drop

Tue Mar 23, 2010 10:35 pm

Here is the rule in all its printed glory:

2 ;;; tcp connection limit
chain=forward action=reject reject-with=tcp-reset protocol=tcp connection-limit=60,32
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: mikrotik tcp connection limit reject or drop

Wed Mar 24, 2010 11:45 am

Try action=reject, but reject-with=icmp-something.
 
derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

Re: mikrotik tcp connection limit reject or drop

Wed Mar 24, 2010 8:31 pm

So in theory, the connection should die immediately since it was rejected. I'll try it with icmp port unreachable.
 
derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

Re: mikrotik tcp connection limit reject or drop

Fri Apr 09, 2010 12:02 am

So it looks like the connections are still sticking in the firewall even though the host has long since been turned off.

I was using reject icmp: host unreachable.

The weird thing I'm noticing... how come these TCP connections have a 24 hour timeout? That's not normal, is it?

Should I try using drop instead of reset?
 
SurferTim
Forum Guru
Posts: 4636
Joined: Mon Jan 07, 2008 10:31 pm
Location: Miramar Beach, Florida

Re: mikrotik tcp connection limit reject or drop

Fri Apr 09, 2010 12:14 am

The difference between reject and drop is whether the requesting IP is notified about the failure. I use drop if there is a chance the source IP has bad intentions. If you feel that is the case, use action=drop. If it is a trusted network, then use action=reject.
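As an added example (not posted by anyone in this thread), the rule from the thread in both the reject and the drop form, each restricted to new connections, followed by the connection-tracking setting whose RouterOS default (1d) matches the 24-hour entries mentioned above. The comment strings and the 1h value are assumptions, and only one of the two filter rules should be kept.

```routeros
# Added example, not from any poster in this thread.
# Pick ONE of the two filter rules below; they match the same traffic.
/ip firewall filter

# Trusted network: the client is told the connection failed, so its
# TCP stack tears the socket down immediately instead of retrying.
add chain=forward protocol=tcp connection-state=new connection-limit=60,32 \
    action=reject reject-with=tcp-reset comment="tcp connection limit (reject)"

# Possibly hostile source: discard silently, giving the sender no feedback
# (the sender keeps retransmitting until its own timers expire).
add chain=forward protocol=tcp connection-state=new connection-limit=60,32 \
    action=drop comment="tcp connection limit (drop)"

# Established TCP entries in the connection table are kept for
# tcp-established-timeout, whose default is 1d, which is the 24-hour
# timeout seen on entries left behind by a host that went away without
# closing its sockets. 1h is an assumed value; shorter timeouts also
# expire idle-but-live sessions, so choose it for the traffic you carry.
/ip firewall connection tracking set tcp-established-timeout=1h
```

To see which entries a source still holds against the limit, list them with /ip firewall connection print and filter on the source address.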
 
derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

Re: mikrotik tcp connection limit reject or drop

Tue Apr 13, 2010 8:32 pm

Typically filesharing or viral. Next time I see it I'll try changing the rule to drop and see what happens.
 
rado3105
Member
Posts: 492
Joined: Sat Jan 12, 2008 11:45 pm

Re: mikrotik tcp connection limit reject or drop

Sun Feb 08, 2015 12:18 pm

According to some texts it is better to use reject instead of drop in case of failure... because DROP could kill your router... and make it unreachable.
 
jarda
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Mon Feb 09, 2015 10:55 pm

Sometimes tarpit can be effective also.
 
rado3105
Member
Posts: 492
Joined: Sat Jan 12, 2008 11:45 pm

Re: mikrotik tcp connection limit reject or drop

Sat Feb 14, 2015 8:16 pm

Under attack, tarpit made my router unresponsive and the internet went down... for local users, not for the attacker...
 
hossain2004a
Member Candidate
Posts: 247
Joined: Mon Dec 22, 2014 7:34 pm
Location: Iran

Re: mikrotik tcp connection limit reject or drop

Sun Feb 15, 2015 12:21 pm

Under attack, tarpit made my router unresponsive and the internet went down... for local users, not for the attacker...

What kind of attack? Brute force? DDoS?
Limiting may not be so useful for DDoS, as I saw in one thread before.
 
rado3105
Member
Posts: 492
Joined: Sat Jan 12, 2008 11:45 pm

Re: mikrotik tcp connection limit reject or drop

Mon Feb 23, 2015 3:36 pm

I am not sure, but it seemed like DDoS...
