i have tcp flood on my MT. have wan ether1 with 3000p/s on tx and 34000 p/s on rx and LAN ether2 where packet per second is normal 3000/3000 tx/rx. i know that attack is on my ip server farm on specific port and tcp protocol.
its easy to say on my ISP provider to block that and everything will be normal(i tested) but my question is, can i somehow filter and stop that trafik with another way?
i try this http://forum.mikrotik.com/t/dos-attack-or-ddos-attack-routeros-how-to-do/16926/8 with SYN-PROTECT but attack was not stopping(counters grow it means it block packets but … ) i still get 34000p/s on my wan interface at RX
any help?