MikroTik

Community discussions
https://forum.mikrotik.com/

how to syncookie protection

https://forum.mikrotik.com/viewtopic.php?t=69971

Page 1 of 1

how to syncookie protection

Posted: Sun Feb 17, 2013 12:00 am
by posetr
Hello guys , i need to enable on syncookie protection for detect and block spoof ips. I already enabled TCP-Syn cookies in ip settings and it wont help to prevent ddos attack.
Routerboard inaccessible when synflood attack comes from spoof ips. If i limit whole new synconnections routerboard drops all new and old requests.

Please help me to solve it .

Re: how to syncookie protection

Posted: Sun Feb 17, 2013 11:36 pm
by dcarrera
http://wiki.mikrotik.com/wiki/DoS_attack_protection

Re: how to syncookie protection

Posted: Mon Feb 18, 2013 2:59 am
by posetr
it drops all new syn packets with that rules whitch written on page.i need drop new syn paket if it comes from spoof ip address

Re: how to syncookie protection

Posted: Mon Feb 18, 2013 12:22 pm
by dcarrera
ahmn okk, drastic solution, you can use blacklists.

filter packets to detect and add ips to firewall address list with action ADD DST TO ADDRESS LIST, and add a filter rule to drop packets.

a similar example http://forum.mikrotik.com/viewtopic.php?f=13&t=54199
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/