Community discussions

MikroTik App
  4. RouterOS
  5. General

HELP with UDP flooding

Post Reply
 
User avatar
nick3dos
Member Candidate
Member Candidate
Topic Author
Posts: 189
Joined: Fri Apr 29, 2011 11:03 pm
Location: Greece

HELP with UDP flooding

Wed Jan 15, 2014 10:49 am

Can someone tell what i have to do to prevent UDP flooding in my router.

I search the wiki and found these roules:
Code: Select all
add action=drop chain=forward disabled=no dst-address-list=udp_flooded
add action=drop chain=forward disabled=no src-address-list=udp_flooder
add action=jump chain=forward comment="UDP Flood Protection" connection-state=new 
add action=return chain=udp_flood disabled=no dst-limit=50,50,src-and-dst-addresse
add action=add-src-to-address-list address-list=udp_flooder address-list-timeout=1
add action=add-dst-to-address-list address-list=udp_flooded address-list-timeout=1
but it didnt work, new UDP connections keep comming to my router and everytime i have to manualy drop these ips.

Thanks.
Top
 
User avatar
nick3dos
Member Candidate
Member Candidate
Topic Author
Posts: 189
Joined: Fri Apr 29, 2011 11:03 pm
Location: Greece

Re: HELP with UDP flooding

Wed Jan 15, 2014 6:07 pm

???
Top
 
Lakis
Forum Veteran
Forum Veteran
Posts: 703
Joined: Wed Sep 23, 2009 7:52 pm

Re: HELP with UDP flooding

Wed Jan 15, 2014 11:45 pm

That does not mater if u drop them, traffic is still coming to ur router WAN port
best solution use Torch and see where the flood-traffic is directed "dst-address" and call your ISP
Last edited by Lakis on Wed Jan 15, 2014 11:52 pm, edited 1 time in total.
Top
 
User avatar
nick3dos
Member Candidate
Member Candidate
Topic Author
Posts: 189
Joined: Fri Apr 29, 2011 11:03 pm
Location: Greece

Re: HELP with UDP flooding

Wed Jan 15, 2014 11:50 pm

Thanks for your answer.
My ISP cant help me.

At least i want to stop flood connections of that ips.
If i manually drop in firewall the ips that make the connections, in some point it is all ok.

But how can these ips be dynamic added to these firewall rules, without every time to do it manually?
Top
 
Lakis
Forum Veteran
Forum Veteran
Posts: 703
Joined: Wed Sep 23, 2009 7:52 pm

Re: HELP with UDP flooding

Thu Jan 16, 2014 12:09 am

First if flood is from many addresses one port drop that port
Is this ur everyday problem?
UDP flood form many addresses and many ports that sucks
if u are ISP and u have many real IPs find where flood-traffic is directed "dst-address" - (I edited this on my first post)
Top
 
User avatar
nick3dos
Member Candidate
Member Candidate
Topic Author
Posts: 189
Joined: Fri Apr 29, 2011 11:03 pm
Location: Greece

Re: HELP with UDP flooding

Thu Jan 16, 2014 12:27 am

I have 40 static ips in my metwork from my ISP.
In two of them i discovered this problem, two days now.
UDP flood are from different addresses and different ports.
Top
 
redflag237
just joined
Posts: 21
Joined: Mon Aug 12, 2013 1:17 pm

Re: HELP with UDP flooding

Wed Jan 22, 2014 7:07 pm

I have 40 static ips in my metwork from my ISP.
In two of them i discovered this problem, two days now.
UDP flood are from different addresses and different ports.
Why is this ruleset not working? What is running behind your router... Webserver?
In case of any Webservers, i would recommend you to simply touch the A-Record of your Domain and redirect to any DDos-Cloud-Service. This Service filters the bad traffic and only let the cleaned stuff pass to your real IP. Can recommend you Depulsio (www.depulsio.de), met this guys last year on ISD in Cologne.

But what i didn't unterstand: is the problem that the ports is fully loaded (by this attack) or is the problem the target, that is being attacked?
If the target is your problem: What ports are being Attacked and wherefore they got opened. Maybe Reverse-Proxy them?

If your ISP Uplink is strong enough and doesn't get fully loaded and even your Router is powerful enough... let the Traffic flow and just drop it by time. Maybe try other rate limits. What Piece of Hardware we're talking about and which datarate on your WAN we're talking about?
Top
Post Reply
  4. RouterOS
  5. General