i am getting regularly this type of flood by some 13 year old spoiled kid that has $20 for a booter

how can i protect myself from these attacks... the ip ranges go from 1.x.x.x. to 250.x.x.x my routerboard is at 93% at some attacks but for some it's betwen 25% and 35% cpu usage...
it's weird because i have a rule to block all port 80 traffic but they still get there....
also sometimes they use udp(17) and imcp(1) instead of tcp.
i'll appreciate any help, best will be some terminal commands for filter/nat/whatever rules i need.
i have already 50+ rules added for protection and managed to reduce the attacks by about 50-60%, but this ssyn flood is killing me.
i want to block that traffic completely and on theory i've done it already, but on practice they don't work

Is this mikrotik your main router in network?

If it is and it's cpu is at 100%, only thing you can do is to ask your provider to filter some of this traffic or filter your flooded ip.

If you have any faster router on the way, try to filter udp, and make connection or packet limit per second to your flooded ip.

Can you just disable ip - services - www or write some hosts in "available from" column ?

show your firewall rules

@manson yes
however the ISP filtered 1 port and some ip ranges and told me they can't do more

@Numenori
i have no idea how to do this, sir


@chupaka


the rules between them are for virus, spams etc these are the most "rare" ones

screenshots are absolutely not informative, use '/ip firewall export'

is 231.11 the address of your router?