Detect Attack

Hi, I have a CCR1036 and my router can't withstand an attack: it reboots when one of my IPs receives, for example, about 10-50 Mbit of DDoS bandwidth. I mean many connections and packets hit one IP, and then my MikroTik reboots or the CPU is full and I can't access it. I need a way to fix this. I don't know why this hardware should go down under a 10-50 Mbit DDoS.

And is there any way to detect an hping3 DDoS?

Thanks

Look at Profile!! Which service is using resources! There is no way that your CCR is stuck at 10-15Mbps! Impossible! It can handle a lot more!! Try the newest version! Seems like a bug or hardware problem to me!
Make a filter in the firewall - limit connections to one IP! Search for "prevent DDOS" in this forum - plenty of info on that!

Does your log show this command on profiles?

hping3 --flood <ip>

If your router can’t stand up to a simple packet flood then you probably have too many complex firewall rules.

Profile shows the firewall using 100% CPU and it restarts my router.
I have blocked my IP that receives the DDoS; see the packets.

No, I didn't see this in my logs.

I just have two firewall rules: one blocks ICMP and the other blocks one IP on my network.

Are you allowing remote DNS requests?

No, I didn't allow it.

You need to remember that the default action for MikroTik firewall is Accept. If you do not put a Drop All rule at the bottom of each firewall chain, your router will Accept all packets that hit that chain. This is a HUGE oversight from MikroTik in terms of security, but easily correctable. You need to explicitly allow traffic that you want and Drop everything else.

I can't do this. I have many users on this network and I can't allow one part of my traffic and drop the others.

Mpreissner isn’t suggesting that, but denying “new” connections on the WAN’s input chain, for example, will save you a world of pain. If you allow the WAN port to reply to DNS requests, you’re vulnerable.

I agree that protecting your router from input attacks directly to the router is important.
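
Added example (not posted by anyone in this thread): a small Python check of the advice above about the default Accept action, run over the text of a `/ip firewall filter export`. It reports chains that do not end in an unconditional drop. Both sample exports are constructed, and the interface name `bridge-lan` and address `203.0.113.7` are assumptions.

```python
import shlex

# Constructed sample: the two rules described in the thread, no final drop.
WEAK = """/ip firewall filter
add action=drop chain=input protocol=icmp
add action=drop chain=forward src-address=203.0.113.7
"""
# Constructed sample: explicit accepts first, then drop everything else.
HARDENED = """/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input in-interface=bridge-lan comment="manage from LAN"
add action=drop chain=input comment="drop everything else"
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward in-interface=bridge-lan
add action=drop chain=forward
"""
# Properties that do not narrow what a rule matches.
IGNORED = {"action", "chain", "comment", "log", "log-prefix", "disabled"}

def parse_rules(export):
    """Return the filter rules of an export as dicts, in rule order."""
    rules, in_filter = [], False
    # Exports wrap long lines with a trailing backslash; join them first.
    for line in export.replace("\\\n", "").splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_filter = line == "/ip firewall filter"
        elif in_filter and line.startswith("add "):
            rules.append(dict(t.split("=", 1)
                              for t in shlex.split(line[4:]) if "=" in t))
    return rules

def audit(export, chains=("input", "forward")):
    """Map each chain to its findings; an empty list means it ends in a drop-all."""
    findings = {}
    for chain in chains:
        rules = [r for r in parse_rules(export)
                 if r.get("chain") == chain and r.get("disabled") != "yes"]
        last, issues = (rules[-1] if rules else {}), []
        if last.get("action") != "drop" or set(last) - IGNORED:
            issues.append("last rule is not an unconditional drop")
        if not any(r.get("action") == "accept" and
                   "established" in r.get("connection-state", "") for r in rules):
            issues.append("no accept for established connections")
        findings[chain] = issues
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```

A drop that carries any matcher (protocol, address, interface) is reported, because packets that miss it still fall through to the implicit accept.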