I have a problem on one of my Mikrotiks and I am having some issues figuring out a set of rules that will allow incoming OpenVPN connections to get to a server behind the router and accept PPTP/L2TP connections on the router itself, while still dropping DDoS traffic.
There are three things I am seeing: ICMP, DNS amplification, and non-proper DNS amplification. Non-proper meaning wrong ports: instead of coming from source port 53 it is coming from any port from about 10k to 60k. 2/3rds of it is a DNS attack, 1/3rd of it is ICMP, and the stragglers are non-standard port DNS attacks. Here is a glimpse of the traffic from my packet sniffer. This is from just 2 seconds of captures.
I have tried the rules on the wiki but they block PPTP/L2TP and OpenVPN traffic as well. Hope someone can help.
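A RouterOS firewall rule set that covers what the post asks for, added here as an example; it is not the poster's configuration or MikroTik's wiki rules. It assumes the WAN interface is ether1, the OpenVPN server is 192.168.88.10 listening on UDP/1194 (constructed placeholder values), and the router itself terminates PPTP and L2TP/IPsec. The point it illustrates is that reflected DNS replies, whatever source port they carry, never match an existing connection, so an established/related accept followed by a final WAN drop handles both the port-53 and the high-port variants without any port-specific rule, while the VPN accepts sit in between.

```routeros
# Added example, not the original poster's config. Assumptions: WAN is ether1,
# OpenVPN server at 192.168.88.10 on UDP/1194 (constructed), PPTP and L2TP/IPsec
# terminate on the router. Rules are evaluated top to bottom, so order matters.

/ip firewall filter
# 1. Stateful fast path. Reflected DNS replies (src-port 53 or a random high
#    port) and unsolicited ICMP never match this: no outbound request exists.
add chain=input connection-state=established,related action=accept comment="accept established/related"
add chain=input connection-state=invalid action=drop comment="drop invalid"

# 2. VPN services the router itself offers on the WAN.
add chain=input in-interface=ether1 protocol=tcp dst-port=1723 action=accept comment="PPTP control"
add chain=input in-interface=ether1 protocol=gre action=accept comment="PPTP GRE"
add chain=input in-interface=ether1 protocol=udp dst-port=500,4500,1701 action=accept comment="L2TP/IPsec: IKE, NAT-T, L2TP"
add chain=input in-interface=ether1 protocol=ipsec-esp action=accept comment="IPsec ESP"

# 3. ICMP: keep a trickle for diagnostics and path MTU, drop the flood.
add chain=input in-interface=ether1 protocol=icmp limit=50/5s,2:packet action=accept comment="rate-limited ICMP"

# 4. Everything else arriving from the WAN for the router is dropped. This is
#    where the amplification replies land: connection-state=new, src-port 53 or
#    10000-60000, and nothing above accepted them.
add chain=input in-interface=ether1 action=drop comment="drop all other WAN input"

# 5. Forward chain: only port-forwarded (dstnat) traffic may enter from the WAN,
#    so the OpenVPN server is reachable but nothing else behind the router is.
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether1 connection-nat-state=dstnat protocol=udp dst-port=1194 dst-address=192.168.88.10 action=accept comment="OpenVPN to server"
add chain=forward in-interface=ether1 connection-state=new action=drop comment="no other unsolicited WAN forward"

/ip firewall nat
add chain=dstnat in-interface=ether1 protocol=udp dst-port=1194 action=dst-nat to-addresses=192.168.88.10 to-ports=1194 comment="OpenVPN port forward"
```

If the wiki rules blocked the VPNs, the usual cause is the WAN drop rule sitting above the VPN accepts or no forward rule for the dstnat'ed connection; check with `/ip firewall filter print stats` which rule the VPN packets are hitting.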