dos attack

cmanciu · August 13, 2015, 1:54am

with this creating dynamic ip’s..to stop dos attacks…and if you use Mr. Chupaka formula here… what firewall rule is used to allow your dns to still work so customers can still get to the internet …thank you for your time…

/ip firewall filter
add action=jump chain=forward comment=Detect-Ddos connection-state=new
disabled=no in-interface=ether1 jump-target=detect-ddos
add action=return chain=detect-ddos comment=DOS-Exceptions disabled=no
src-address-list=DOS-Exceptions
add action=return chain=detect-ddos comment=Detect-Ddos disabled=no
dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=
1w chain=detect-ddos comment=Detect-Ddos disabled=no
add action=add-src-to-address-list address-list=ddoser address-list-timeout=
1w chain=detect-ddos comment=Detect-Ddos disabled=no
add action=drop chain=forward comment=Detect-Ddos connection-state=new
disabled=no dst-address-list=ddosed src-address-list=ddoser

cmanciu · August 17, 2015, 12:28pm

is this the correct way?

add address=10.0.0.0/8 list=DNS_Accept
add address=192.168.0.0/16 list=DNS_Accept

add action=jump chain=forward comment=“DoS Attack 1” connection-state=new
disabled=yes jump-target=detect-ddos
add action=return chain=detect-ddos comment=“DoS Attack 2” disabled=yes
dst-limit=1,5,dst-address src-address-list=DNS_Accept
add action=return chain=detect-ddos comment=“DoS Attack 3” disabled=yes
dst-limit=1,5,dst-address src-address-list=DNS_Accept
add action=return chain=detect-ddos comment=“DoS Attack 4” disabled=yes
dst-limit=1,5,dst-address src-address=192.168.0.0/16
add action=return chain=detect-ddos comment=“DoS Attack 5” disabled=yes
dst-limit=1,5,dst-address src-address=10.0.0.0/8
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=
10s chain=detect-ddos comment=“DoS Attack 8” disabled=yes
add action=add-src-to-address-list address-list=ddoser address-list-timeout=
10s chain=detect-ddos comment=“DoS Attack 9” disabled=yes
add action=drop chain=forward comment=“DoS Attack 10” connection-state=new
disabled=yes dst-address-list=ddosed src-address-list=ddoser

I need a pro’s advice…is or will this help me and my 8 customers from being attacked and still all of us be able to surf the web…thank you for your time