I'm under attack.

I have been under attack for a month from Contabo's IPs. I tried to block the attacks from the MikroTik, but it did not stop the attack or mitigate it. I changed the entrance to the Internet in MikroTik, but the attack continues on the "WAN". I need a way or any online service to stop this attack now!

No way to block incoming traffic without help from ISP.

Keep in mind the source IP of traffic can be spoofed, so the source IP you are detecting may not be related to the real source of the attack.

Not enough info and without evidence hard to comment.

First, where is your config?
How are you connected to the internet?
Why not just change your public IP address?

I think that there is more to this story that you are not revealing.

What do you host that's attractive to hackers?

I am connected to the Internet via a static IP and it works on MikroTik x86. I changed the IP and the attacks came back again after less than an hour. I am transmitting the Internet to my subscribers on the network ("home networks").
My config is to drop the source IPs in raw by UDP port. That's it!

The ISP set up a FortiGate firewall and it didn't work or help much. After that they told me to protect myself :)

I understand this, meaning that the traffic source could be coming from external VPN servers, isn't that what you mean?

Your subscribers should hire a network administrator.

This is what you need! Based on your cooperation and replies here…
https://mikrotik.com/consultants

My main language is Arabic, so I don’t know how to write the full details.
Thank you!

I have a CCNA certificate.

And who cares on the MikroTik forum?


Regardless of the device used,
regardless of the level of instruction,
regardless of any useless certification,
if you change the Public IP and the problem persists, three things may be more plausible, among others:

  1. You have one (or more) infected user causing the remote attack;
  2. One (or some) of your devices is totally compromised and keeps calling the Command & Control center, which always knows what your IP is that way;
  3. You have activated the DDNS Cloud, and of course, if the IP changes, the DDNS Cloud also has your IP changed, and attackers always know your IP;
  4. Etc. Etc. Etc.
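A triage sketch for points 1 and 2 above, added here as an example and not posted by anyone in the thread: if a device inside the network reveals each new public IP, it must make an outbound connection between the IP change and the moment the attack resumes. The flow-record format, addresses and time windows below are constructed, and it assumes outbound flow records can be exported from the router.

```python
from collections import defaultdict

# Constructed sample flows: (unix_time, internal_src, external_dst, dst_port)
FLOWS = [
    (1100, "10.0.1.15", "192.0.2.53", 53),     # resolver used by everyone
    (1200, "10.0.1.15", "203.0.113.7", 8443),  # rare destination, window 1
    (1300, "10.0.1.20", "192.0.2.53", 53),
    (1400, "10.0.1.31", "192.0.2.53", 53),
    (1500, "10.0.1.20", "198.51.100.9", 443),  # seen in window 1 only
    (5000, "10.0.1.20", "198.51.100.9", 443),  # outside both windows
    (10100, "10.0.1.15", "192.0.2.53", 53),
    (10200, "10.0.1.20", "192.0.2.53", 53),
    (10300, "10.0.1.31", "192.0.2.53", 53),
    (10900, "10.0.1.15", "203.0.113.7", 8443), # same rare destination, window 2
    (11000, "10.0.1.31", "198.51.100.80", 443),
]

# Constructed windows: (time the public IP was changed, time the attack resumed)
WINDOWS = [(1000, 4000), (10000, 12500)]


def beacon_candidates(flows, windows, max_hosts_per_dst=2):
    """Return (src, dst, port) tuples seen in every change-to-attack window
    whose destination is contacted by only a few internal hosts."""
    # Count how many distinct internal hosts talk to each destination overall,
    # so that shared services (DNS, CDNs) can be filtered out as noise.
    hosts_per_dst = defaultdict(set)
    for _, src, dst, port in flows:
        hosts_per_dst[(dst, port)].add(src)

    # Collect the (src, dst, port) tuples observed inside each window.
    per_window = [
        {(src, dst, port) for t, src, dst, port in flows if start <= t <= end}
        for start, end in windows
    ]
    common = set.intersection(*per_window) if per_window else set()

    return sorted(
        c for c in common
        if len(hosts_per_dst[(c[1], c[2])]) <= max_hosts_per_dst
    )


if __name__ == "__main__":
    for src, dst, port in beacon_candidates(FLOWS, WINDOWS):
        print(f"inspect {src}: contacted {dst}:{port} in every window")
```

Each additional IP change adds a window and shrinks the candidate set; an empty result after several changes points away from an internal device and toward the other explanations in the list.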

Thanks for your help.
Well, how can I identify the device on the network from over 600 users?
Do you have a way?
As for the DDNS, they are disabled.

A network diagram helps break language barriers.
A config is agnostic.
Use google translate when necessary.

OR simply put…
yusaeid mukhatat alshabakat ealaa kasr hawajiz allughati.
altakwin hiadiun.
astakhdim mutarjim jujil eind aldarurati.
'aw bibasatat dae …

I applied this config after the raw config 2 days ago and nothing changed:
https://help.mikrotik.com/docs/pages/viewpage.action?pageId=28606504

Yes, if I were physically there and knew what the whole network is like…
But since that’s not the case, you’d better hire someone who knows how to do it on the spot…

I didn't ask who has the papers that qualify you for the job.
I was asking to hire someone that actually knows what he’s doing.
Cheers.

I have full control of the network and I know everything about it.
I know what I'm doing, but I need someone to explain everything without this forum :)

I disconnected all users, reset the MikroTik and set the rules of the firewall, and when I put the internet cable in it without any user other than my device, the attack was working at the full internet speed of 200 Mbps. Then I reset the MikroTik again and put the internet entrance in it without setting any presets, and the attacks were found.

First, where is your config?

Post your MikroTik router config. There may be something wrong with your router.