I'm getting DDoS on my router on the WAN interface. I used DDoS prevention based on http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking
The only difference was that the incoming interface was added as WAN. It was preventing DDoS, then one day all the packets were able to bypass these rules. The attack was, as usual, on WAN.
I added the rule with dst IP (attacked host) with no connection state (action jump to ddos chain) and I could see the address list having the IP address of the same host. How come the packets didn't have any states (new)?
Thanks in advance.