Our raw and filter rules use a lot of CPU. I am learning jump rules to save CPU usage. You explained it very well but do you have any other suggestions for lowering CPU usage for firewall rules? Unfortunately, no magic is available. To spend as few firewall rules as possible on most "legal&quo...

RAW is introduced to be able to block traffic before it hits connection tracking and so avoid high CPU usage.

UDP/Mangle/Filter need connection tracking and so using the CPU big time.

We use only filter for single IP connection limit and renewing src-lists timeouts.

Just one additional point - although the action name is jump , the actual functionality is more a call , because if no rule in the jump-target chain matches (or if a rule with action=return in that chain does match), the processing of the packet continues in the calling chain, starting by the first...

Hi, Time to time, I backup my settings. While I checking my backup files I saw some strange scripts that I don't have in my Winbox script & jobs tab. They are malicious for sure but I couldn't find them anywhere except in my backup file. How they injected it? How my backup file contains them? Ho...

Thanks for replying. I read all of your posts on this forum. I am really new to mikrotik. You are suggesting us to use blackhole which is ip null route right ? That method is that we cant use. we cant null client's ip otherwise they will leave us. We need to protect them no matter what happens. If ...

We run ours at 1200Mhz and it seems to work just fine. we are thinking to buy CCR1072 for just firewall is it a right move ? here our topic: https://forum.mikrotik.com/viewtopic.php?f=13&t=121781 I would definitely not use an CCR as a firewall that you are expecting to take punishment, the cloc...

I'm looking to convert my router over to a proxmox virtual server running CHR and a few other things. The question is how much power I need and if anyone has recommended vendors. E.g. Atom vs core i5 vs core i7 vs Xeon d vs Xeon e3 vs e5? How about ram? Any recommendations? Looking for 1 gbps with ...

How fast is a Ryzen processor board compared to a Xeon processor board compared to a CHR for 10-Gig core routing/bridging/FireWall/NAT/Vlan/Simple-Queue functions - a high-throughput busy ISP environment with 1,000 or greater customers? It would be interesting to find out (cost of performance vs fl...

We run ours at 1200Mhz and it seems to work just fine.

we are thinking to buy CCR1072 for just firewall is it a right move ?

here our topic: viewtopic.php?f=13&t=121781

Could you show a PCAP of the traffic these attackers send to you?

sorry we are really new can you tell me how can i get PCAP from where ?

Despite the 100% CPU usage, are you sure your 10 Gbps link isn't getting 100% consumed by the attack traffic?

yes we are sure: here is the details : viewtopic.php?f=13&t=121270&p=596213#p596368

We have only 10G uplink we could buy CCR1072-1G-8S+ or CCR1036-8G-2S+EM but we have doubts.

we only experience high CPU usage with our current E5 cpu on custom server with RouterOS.

which one is more suiatable for us CCR1072-1G-8S+ or CCR1036-8G-2S+EM ?

i started to think if my hardware can run with RouterOS 6.x ?

RouterOS 6.x current kernel version is 3.3.5+

i7700K or AMD Ryzen 7 1800X are they Compatible with RouterOS 6.x ?

How fast is a Ryzen processor board compared to a Xeon processor board compared to a CHR for 10-Gig core routing/bridging/FireWall/NAT/Vlan/Simple-Queue functions - a high-throughput busy ISP environment with 1,000 or greater customers? It would be interesting to find out (cost of performance vs fl...

If you use local ISP for tr traffic you can ask him to put ACL on your port for some kind of attacks, like amp, source ports etc). If you're connected on a IX you can use community to filter out carriers where you receive part of DDoS. For example we have some customers in TR that have your similar...

Nowadays 10Ge is too few to protect a server from DDoS. Better is contact a company that offer this solution and do remote bgp. As you offer gaming best solution is choosing a company closest to you. Where are you colocated? Thanks for replying. We already using tunnel type protection for abroad tr...

Do you use raw table for dropping?

We use raw table and Filter Rules. So what we should choose ?

Hi; we have 10G uplink we want to use Mikrotik OS to protect our game servers from DDoS attacks. We are using E5 Model intel xeon cpu on our current MikrotikOS. However, we are experience single 100% cpu load and our whitelisted user get down because their white list ips checking by that single core...

Also did you disable allow remote requests under your DNS?

Hi, Go add that IP in the raw firewall list. Then the connection does not go in the connection tracking. Also on what what port is the incoming attack? We add two ip in raw firewall list. We get hit from two ip and our one single core reached %93 with two ip flood hit. http://image.prntscr.com/imag...

Hi All; We are experiencing DDoS UDP Attack from a single ip. The IP is already in drop list. However, we are still getting down due to high CPU load on one single core. Here is the Screenshot: http://image.prntscr.com/image/8904bebc85574add878949a6b1d33a93.png We set up an allowed ip list. we store...