I am getting a huge attack on source port 385, called the CLDAP port, from multiple sources, and the destination is one of my IPs, but I am not using that IP anywhere in the network. That attack is only hitting the core router WAN interface, which is connected to the telco, and no firewall rules are working. A huge attack is coming and it's just crazy… What can be the problem?
I shared the captured packet with MikroTik but did not get any response on it.
MikroTik is not listening on that port by default. Of course anyone can send traffic to any port, optionally in DDoS form, but that is not a MikroTik problem.
Such things are usually retaliations against one of your customers or against yourself.
There really is no solution other than waiting for it to go away.
The MikroTik firewall is not able to control the flooding, and even the raw firewall is not able to stop it… I asked the upstream but they can't block it. One more thing is that the attack is coming to my IP, which is not connected anywhere in the network.
I can't understand the problem. How long will this problem continue… Terrible.
Well, that is the internet.
You cannot know how this is caused and how long it will continue.
Your MikroTik router has nothing to do with this.
More likely it is your behavior or one of your clients' behavior on the internet (like cheating in a game, cutting off someone for doing something you did not like, etc).
Some childish people will retaliate for such actions by setting up something like this.
But that does not have to be true, it can also be just a mistake from someone.
Oops. If there are any basic things I will have to check, then please suggest them!
There is nothing you can do except think what could have caused someone to get mad at you or one of your customers.
I had this happen in my network before and it was quite clear what had happened. But still there was nothing I could do except:
- wait
- have it blocked upstream
In this case it sort of stopped after a day or two. Your case is apparently more persistent.