Hello,
I have a MikroTik CCR 1036 and most of my DDoS attacks are on TCP/UDP. Currently my connection tracking is disabled and I block destination hosts in RAW filtering to reduce CPU load. So I want to know: does this way save more CPU usage for me, or should I enable connection tracking and use FastTrack? Which one has better performance while you are under attack?
Note: it is not important to us that the attack is forwarded to the user.
Thanks
This has been discussed in the last few days and in the past.
If connection tracking is disabled, it makes no difference if it is blocked in RAW or in Filter.
When you can live with disabled connection tracking to fend off the DDoS, then that is better.
On the other hand, if you need connection tracking enabled, then RAW is the place to drop DDoS packets.
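
The two setups compared in this thread, written out as RouterOS commands (an added example, not part of either post; the list name `ddos-targets` and the address 192.0.2.10 are constructed placeholders):

```routeros
# Added example: list name "ddos-targets" and address 192.0.2.10 are constructed.

# Hosts currently under attack whose inbound traffic is to be dropped.
/ip firewall address-list
add list=ddos-targets address=192.0.2.10 comment="constructed sample host"

# Common to both setups: drop by destination in the raw table.
# Raw prerouting is evaluated before connection tracking, so a packet
# dropped here never creates or looks up a conntrack entry.
/ip firewall raw
add chain=prerouting dst-address-list=ddos-targets action=drop \
    comment="drop traffic to attacked hosts"

# Apply either setup A or setup B below, not both.

# Setup A: connection tracking disabled (the original poster's current state).
# With no conntrack there is nothing for raw to bypass, so the same drop
# in the filter table would cost the same. NAT, connection-state matching
# and FastTrack are unavailable in this mode.
/ip firewall connection tracking set enabled=no

# Setup B: connection tracking enabled with FastTrack for legitimate flows.
# The raw drop above keeps attack packets out of the conntrack table;
# only traffic that passes it is tracked and fast-tracked.
/ip firewall connection tracking set enabled=yes
/ip firewall filter
add chain=forward connection-state=established,related \
    action=fasttrack-connection comment="fasttrack established flows"
add chain=forward connection-state=established,related action=accept \
    comment="accept packets FastTrack does not handle"
```

Comparing `/system resource cpu print` and the counters from `/ip firewall raw print stats` under load shows which setup costs less on a given router.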