Attack UDP port 5000, High Traffic

I have a problem on my network, I am getting frequent attacks with Destination IP 255.255.255.255 and port 5000. Striker clone a Wireless IP network and initiates the UDP flood attack. How do I block? I’ve tried several ways to block the firewall and could not.

Multiple connections are initiated as follows:

Example

Source Port Protocol Dest Port Tx Rate
10.10.1.15 2378 UTP 255.255.255.255 5000 47.5kbs
10.10.1.15 2672 UTP 255.255.255.255 5000 47.5kbs
10.10.1.15 5223 UTP 255.255.255.255 5000 47.5kbs
10.10.1.15 6332 UTP 255.255.255.255 5000 47.5kbs
10.10.1.15 8218 UTP 255.255.255.255 5000 47.5kbs
10.10.1.15 8328 UTP 255.255.255.255 5000 47.5kbs


I’ve done the block on the Bridge Filter, I have done marking packages to block in Firewall, I’ve already blocking UDP ports 1900 and 5000 and nothing stops the attack, that consumes all the bandwidth of the net.

post your firewall filter rules and nat rules here.

do you use a bridge?

Uf yes, then you need a firewall filter rule as follows:

add chain=forward protocol=udp src-address=10.10.1.15 dst-port=5000 action=drop comment="deny udp attack"

make sure the chain is forward if you use bridge or chain input if you use router mode.