A very odd update I am trying out this rule its my understanding that connection-limit=40,32 means 40 connections to the same host and limit=200,5 means 200 new connections over 5 seconds will result in adding the src to address list. However as soon as I refresh a webpage 1 time the address is adde...

So my SSH rules are working but I still need to figure out how to limit Port 80 TCP DoS attacks that are starting from inside my network. Does anyone have any experience with this type of thing?

Hi, I am using Mikrotik to route my VPN users traffic. Lately, I have been getting some abuse reports at a couple sites about 1 or more of my users doing some port scans, attempting to brute force SSH and launching DoS attacks on port 80. I came up with some firewall rules to block the SSH stuff but...

Very true. I had hoped to find something I could add to the other routers but maybe I wont be able to be proactive about it. This ddos has been going on for a week now. Hopefully it will let up soon.

Yea that is basically what I am doing now. My problem is users that are assigned public IP addresses can have incoming traffic to their IP. Now anything above UDP 1024 is going to be dropped due to the firewall rule.

I have a problem on one of my Mikrotiks and I am having some issues figuring out a set of rules that will allow incoming OpenVPN connections get to a server behind the router and accept PPTP/L2TP connections on the router itself while still dropping DDoS traffic. There are three things I am seeing I...

If I add these rules without adding an interface they should work with all interfaces correct? PPP clients are still downloading torrents and the only thing that is different is I have not added the interfaces,

Right now we are blocking and/or rate limiting as much P2P as we know how to. I have setup rules to filter DNS queries, rate limit excessive UDP connections and search for keywords within the packets. The problems are some users are obfuscating P2P, others have figured out that they can download the...