Hello guys , i need to enable on syncookie protection for detect and block spoof ips. I already enabled TCP-Syn cookies in ip settings and it wont help to prevent ddos attack.
Routerboard inaccessible when synflood attack comes from spoof ips. If i limit whole new synconnections routerboard drops all new and old requests.
Please help me to solve it .
it drops all new syn packets with that rules whitch written on page.i need drop new syn paket if it comes from spoof ip address
ahmn okk, drastic solution, you can use blacklists.
filter packets to detect and add ips to firewall address list with action ADD DST TO ADDRESS LIST, and add a filter rule to drop packets.
a similar example http://forum.mikrotik.com/t/ip-trying-to-log-in/49352/1