Hello
I have Mikrotik CCR1036, i receive currently DDoS attack to my IP router.
The CPU is being used 100% “Networking”, this causes delays and packet loss or even by the time of the router crash.
Do you have any advice for me? Knowing that the attack is very low (Not even 80kPps!)
How the attacking traffic looks?
Attack is currently 100kpps of ICMP packets.
Do you have any ICMP flood protection configured ?
There is a good example here http://wiki.mikrotik.com/wiki/Securing_New_RouterOs_Router
Hello
Thanks u for your help, but despite all your advice my CPU is always 100 because of networking. I tried to change the BGP routing of static routing with my transit operator, but nothing works.
Have you any ideas ?
Remove all the firewall rules, NAT, queues etc and disable connection tracking. Leave only static,dynamic routing in place.
Disable all others.
If conn.tracking is on, you cant beat ddos.
This is the only way a RouterOS device survives under DDOS.
At my level I’ve removed it all, yet still Networking consumes all CPU. Where does that come from? In static routing do I still need to use “adress list”?
any solution ?