There is a lot of talk about mitigating DDoS attacks with Mikrotik routers, but Mikrotik could help by preventing DDoS attackers from using Mikrotik devices as a tool to attack.
Yesterday a multi-gigabit DNS attack was used against our company, or one of our clients (we cannot be certain of the actual force, or the intended target).
We were curious what devices were used against us to reflect / amplify the attack, and started digging.
There were many thousands of different addresses from all over the net, so we checked a hundred at random.
Much to our surprise we found that 74 of them responded with a Mikrotik WebFig page (and different RouterOS versions).
It seems that someone is using a rather sizable fleet of Mikrotik routers to reflect and amplify DNS attacks.
I know that this is the user's fault.
I know that by default (defconf removed), the DNS server is disabled, and I know that if it is enabled, then it should be protected too.
BUT, I also think that Mikrotik should introduce a way to limit the source of the served remote DNS requests right from the IP->DNS panel, either by interface or by IP range constraints (like you can do in IP->Services).
This way it would be more prominent that the user / administrator should protect the device, and would give an efficient way to do it quickly!
Thank you, in advance!
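
An added example, not part of the original post: a small audit that reads a RouterOS configuration export and reports whether the DNS server (`allow-remote-requests=yes`) is reachable from the uplink because no input-chain rule stops port 53 first. The sample export, the `WAN` interface list name and all function names are assumptions made for illustration.

```python
import shlex

# Constructed RouterOS export (not from the post). Assumes one command per line,
# plain (non-negated) protocol/port values and an uplink interface list "WAN".
SAMPLE = """\
/ip dns
set allow-remote-requests=yes servers=192.0.2.53
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input dst-port=53 in-interface-list=WAN protocol=tcp
"""
EVALUATED = {"action", "chain", "protocol", "dst-port", "in-interface-list",
             "connection-state", "comment", "disabled"}
TERMINAL = {"accept", "drop", "reject", "tarpit"}  # jump/log rules are skipped

def parse_export(text):
    """Yield (menu, verb, params) for each command line of the export."""
    menu = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line and not line.startswith("#"):
            verb, *args = shlex.split(line)
            yield menu, verb, dict(a.split("=", 1) for a in args if "=" in a)

def port_listed(spec, port=53):
    """True if port is in a RouterOS port list such as '53,5000-5100'."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (p.partition("-") for p in spec.split(",")))

def matches(rule, proto, wan):
    """Would this rule decide a new DNS query arriving via the WAN list?"""
    action = rule.get("action", "accept")
    if rule.get("chain") != "input" or rule.get("disabled") == "yes" or action not in TERMINAL:
        return False
    if set(rule) - EVALUATED or "!" in rule.get("protocol", "") + rule.get("dst-port", ""):
        return action == "accept"  # unevaluated matcher: assume the worst case
    iface = rule.get("in-interface-list", wan)
    return (rule.get("protocol", proto) == proto
            and port_listed(rule.get("dst-port", "53"))
            and (iface[1:] != wan if iface.startswith("!") else iface == wan)
            and "new" in rule.get("connection-state", "new").split(","))

def exposed_protocols(text, wan="WAN"):
    """Protocols on which the resolver would answer queries from the WAN."""
    cmds = list(parse_export(text))
    dns_on = any(m == "/ip dns" and p.get("allow-remote-requests") == "yes" for m, _, p in cmds)
    rules = [p for m, v, p in cmds if m == "/ip firewall filter" and v == "add"]
    hit = lambda proto: next((r for r in rules if matches(r, proto, wan)), {})
    return [p for p in ("udp", "tcp") if dns_on and hit(p).get("action", "accept") == "accept"]
```

On the constructed sample this reports `udp`: only TCP port 53 is dropped, so UDP queries from the uplink still reach the resolver.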