How to monitor for attacks

I’ve been wondering about monitoring for incoming attacks (DDoS, port scanning, etc.).

Does RouterOS have capabilities to alert an admin when under attack?

Thanks!

How many attacks have you had in your lifetime?

How would he know if he doesn’t know how to monitor it? :laughing:

Chicken and egg …

I see various firewall-based solutions that drop packets from sources that have more than 32 TCP connection states of type “new”.

I don’t see a way to block UDP attacks.

I don’t believe I am or have been under attack.

I’m just curious if monitoring for attacks is something you professionals recommend.

You might want to have a look at these YouTube videos:

Bruteforce protection - MikroTik firewall rules:
https://youtu.be/UXGVQmFUfL4

Port knocking with MikroTik:
https://youtu.be/ZaWTuqIdhLM

I am a minimalist. If it has nothing to do with traffic that should flow I tend to shy away from it.
However there are a few things one can do, not that much…

I only recently learned about port knocking and it is really cool!

And that is a great video (part of a great video series).

The brute force protection suggested in the other video is cool also.

Thanks!

The port knocking is useful in terms of getting a better understanding of how the router config works and what can be done.
I use WireGuard for remotely connecting to the router.

As do I, thanks in great part to your help.

And WG has been working very well across 4 MT routers and 2 Ubiquiti UDMs.

I did notice, however, that if I keep Winbox open, just sitting there, every now and then it will disconnect and reconnect. I wonder if the IP connectivity between sites drops for a moment and that’s what’s causing it, or something else.

Exactly that. WireGuard will recover (and usually Winbox too).
When running something like Azure Virtual Desktop over WireGuard, I also see it happening on unstable connections. AVD is VERY picky about connection stability.

Perhaps you should consider MOAB blocks over 600 million Bad Guys from attacking your Internet » Here’s how «