DDoS Attack Using SSDP

Hi,
We are facing a DDoS attack using SSDP on a MikroTik router. These are SSDP amplification DDoS attacks, and we tried our best to stop them but failed. Can anybody help us with how we can stop these attacks and prevent such attacks in the future?

Thanks,
Direct Logic

By “facing DDoS attack” do you mean that your routers are being used as participants in the attack, or that you’re the target of the attack?

If you’re the target, you’re going to need to get your provider(s) to drop the traffic in their network(s).

If your devices are participating then you can drop UDP/9000 at your border, both inbound and outbound.

Make sure that UPnP is disabled/blocked/highly restricted on your CPE’s WAN interfaces.

Hi,
Thanks for the reply.
We are the target of these attacks, and we dropped, in and out, the port on which the attack came. But the problem is that although we drop/reject this attack, our bandwidth utilization reached full and the channel got choked.

Thanks,
Direct Logic

You need to get your provider(s) to drop the packets on their side of the link because even if you drop it, the damage has already been done.