chargen attack

How to block a chargen attack?

my mikrotik v6.26 x86

attack traffic 2gbit

my firewall
drop any port 19
drop any udp port 0-65000



Thank you for your help

This rule is really bad, remove this: “drop any udp port 0-65000”

FIRST: make one address-list with all your good IPs called “lista_ip_sicuri”!!!

Then add this to the first line on firewall, assuming your internet source is ether1, change with your port!!!

/ip firewall filter
add action=add-src-to-address-list address-list=@CHARGEN chain=forward comment=CHARGEN in-interface=ether1 protocol=udp src-address-list=!lista_ip_sicuri src-port=19
add action=add-src-to-address-list address-list=@CHARGEN chain=forward dst-port=19 in-interface=ether1 protocol=udp src-address-list=!lista_ip_sicuri
add action=drop chain=forward in-interface=ether1 src-address-list=@CHARGEN


Ask your internet provider to block all incoming and outgoing UDP port 19 on your connection!!!

I have firewall rules add src list (chargen) any port 19
drop chargen rules drop 1minute/5GIB
The problem is that the same attack traffic wan interface

Idea
fragment attack packet TTL=121
mangle udp any port 19 change packet TTL=1

Good idea?

Do not waste time, simply drop all udp on any-port=19

any= src or dst

I think chargen across an edge router has been unused for years…
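
The last suggestion in the thread, written out as RouterOS filter rules. This is an added example, not posted by anyone in the thread. It assumes ether1 is the WAN interface, as in the earlier reply, and that the rules are moved above any accept rules in each chain.

```routeros
# Added example: stateless drop of chargen (UDP port 19) at the edge.
# Assumption: ether1 is the WAN interface; replace it with your own.
/ip firewall filter

# "port" matches when either the source or the destination port is 19,
# so one rule per chain covers both directions of a chargen exchange:
# requests sent to port 19 and reflected replies sent from port 19.

# Traffic passing through the router to hosts behind it
add chain=forward action=drop protocol=udp port=19 in-interface=ether1 \
    comment="drop chargen (forward)"

# Traffic addressed to the router itself
add chain=input action=drop protocol=udp port=19 in-interface=ether1 \
    comment="drop chargen (input)"

# Check that the rules are matching: the byte and packet counters
# on both rules should rise while the flood is running.
print stats where comment~"drop chargen"
```

These rules discard the packets at the router, but the flood still arrives over the WAN link first, which is why the thread also recommends asking the provider to filter UDP port 19 upstream.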