I need auto ban script for mikrotik. My server under attack from too many ip addreses. I know which ips are attacker’s ips but I need mikrotik download one text file and block that ip addresses.
how can I do this?
server can give plain text file ever line one ip address
mikrotik first flush old ips than put new ip addresses.
A suggestion would be to setup a rule that watches ICMP pings of size XYZ, if found, add destination to an address-list and cancel the ping. This allows you to build an address-list on the fly from a machine behind your firewall. You can then firewall based on entries in that list. Entries will automatically fall off the list when their TTL is expired.
Just a suggestion - if its a busy router though performance will suffer if being attacked probably.
Sam
Attackers request an address from server (port 80). I write a rule to mikrotik. It fixed server load ,little. Do you offer diffrent way to stop this?
General
TCP
Advanced
TCP Flags SYN
Extra
Rate 1/sec
Burst 2
limit by src and dst addresses
Expire 40000 ms