I found the real problem of the HotSpot login page under DDoS attack

Anonymous users keep refreshing the login page, or make a web DDoS (I could see it in the firewall connections when the attack happened), and it causes my RouterBOARD CPU usage to go very high, > 90%!

You could make a simple hotspot environment (just press F5 on the login page!) then watch your CPU usage!


Please see the picture I uploaded.

The chains of HotSpot input were created by RouterOS dynamically, which means we could do nothing, because the chain of hs-input is already accepted!!!

We just tested three simultaneous users holding F5 on the login page, and the RB333 didn’t even break a sweat. Sure, the CPU usage rose a bit, but the number didn’t affect the performance of the router.

As I posted in your other thread, you have full control over Hotspot packets in pre-hs-input, which is jumped to right at the top of hs-input.

Also, just on a side note: the first D in DDoS stands for ‘distributed’; what you are describing is at most a DoS attack but definitely not a DDoS attack.
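One way to use the pre-hs-input chain mentioned in the reply above, as an added example that is not part of the original thread and not MikroTik's own configuration. The list name `hs-flood`, the limit of 30 connections per source and the 2-minute timeout are assumptions to tune; ports 64872-64875 are the ones the dynamic hs-input rules accept for the HotSpot servlet.

```routeros
# Added example: per-source connection cap for the HotSpot login servlet.
# Rules in pre-hs-input are evaluated before the dynamic accept rules,
# because hs-input jumps here first.
/ip firewall filter

# 1. Sources flagged by rule 2 are dropped until their list entry expires.
add chain=pre-hs-input src-address-list=hs-flood action=drop \
    comment="hotspot: drop flagged sources"

# 2. Flag a single address (/32) that opens a new connection while it
#    already holds more than 30 connections to the servlet ports.
add chain=pre-hs-input protocol=tcp dst-port=64872-64875 tcp-flags=syn \
    connection-limit=30,32 action=add-src-to-address-list \
    address-list=hs-flood address-list-timeout=2m \
    comment="hotspot: flag source over connection limit"

# 3. Drop the SYN that crossed the limit; later packets hit rule 1.
add chain=pre-hs-input protocol=tcp dst-port=64872-64875 tcp-flags=syn \
    connection-limit=30,32 action=drop \
    comment="hotspot: drop connection over limit"
```

Flagged addresses can be reviewed with `/ip firewall address-list print where list=hs-flood`. Clients that share one source address (for example behind another NAT device) count together against the limit.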

One error I used to see which might be relevant to the OP, is that previously we sometimes had to increase the default ‘max client connections’ value on the web-proxy.

I know a lot has been done since this (v3.25); however, the proxy is still an integral part of the hotspot (regardless of it being switched on or off on the MikroTik).