Hello,
I am happy user of RB2011UiAS-2HnD with Router OS ver. 6.15 installed, but recently a few problems came from the dark site of the internet (ether1-gateway).
So the problem is, that from time to time somebody wants to shutdown my apache or Minecraft server.
Apache part:
- Using slowloris to create tons of requests and server CPU to hang at 100%
- Is there any automated solution using filter rules and address lists to block this type of attack? Or will I have to block every IP which makes this nasty stuff manually?
0 ;;; HTTP attack
chain=forward action=reject reject-with=icmp-network-unreachable
protocol=tcp dst-address=89.36.234.120 port=80
Screenshot of the attack
Screenshot_70.png
Minecraft part:
- Using death bot which creates more than 100 connections at once and successfuly blocks entire server.
- Any way to block these using connection limit and address lists?
Screenshot_73.png
192.168.1.71 acts as attacker just for Wireshark purpose for you to see what is going on and yes, 25565 port of testing server being DOSsed
Screenshot_74.png
I already tried almost anything I found related to this in Mikrotik wiki, but it seems not to be working for my exact purpose.
Any help will be much appreciated,
have a nice day!