Hello!
I am trying to set up a firewall rule which I am pretty sure my MikroTik RB750GL can do, but I am not certain how to do it and can’t seem to get a Google search that turns up the results I need, since the terminology is a bit vague.
I have a 750 acting as a transparent firewall sitting between the outside world and a web hosting server. For the most part it’s been great, as I can block IPs before they hit the server, as often was the case that even the internal server firewall would get overloaded. However, there is one type of attack I am trying to defend against. Here is the rule scenario I am trying to create:
single source IP,
X number of destination IP addresses within X amount of time
Action: add to address list.
The web hosting server has a /24 block and there is no reason for any single outside IP to connect to 3 or more of those IPs at the same time. I’d like to try to catch those IPs into an address list that I can have a short timer on, to keep them from scanning too many IPs at once, which can bog the server down depending on what HTTP request they are making.
Can anyone offer any suggestions? Thank you, and apologies if I am leaving out critical information.
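
The rule scenario in the post above, modelled as detection logic in Python. This is an added example, not the poster's code and not a RouterOS configuration; it shows what "one source, 3 or more distinct destinations inside a time window, then a timed address list" has to track. The class and function names, the 10-second window, the 300-second list timeout and the sample events (documentation address ranges) are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class FanOutDetector:
    """Lists a source that opens connections to too many distinct protected IPs."""
    def __init__(self, protected_net, max_dsts=3, window=10.0, list_timeout=300.0):
        self.net = ipaddress.ip_network(protected_net)
        self.max_dsts = max_dsts          # threshold from the post: 3 or more
        self.window = window              # seconds (assumed value)
        self.list_timeout = list_timeout  # seconds on the list (assumed value)
        self.recent = defaultdict(deque)  # src -> (timestamp, dst) inside window
        self.address_list = {}            # src -> expiry timestamp

    def is_listed(self, src, ts):
        expiry = self.address_list.get(src)
        if expiry is not None and ts >= expiry:
            del self.address_list[src]    # the short timer ran out
            return False
        return expiry is not None

    def observe(self, ts, src, dst):
        """Feed one new-connection event; True if src is listed afterwards."""
        if self.is_listed(src, ts):
            return True
        if ipaddress.ip_address(dst) not in self.net:
            return False                  # only the hosted /24 is counted
        seen = self.recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > self.window:  # drop events older than the window
            seen.popleft()
        if len({d for _, d in seen}) >= self.max_dsts:
            self.address_list[src] = ts + self.list_timeout
            del self.recent[src]
            return True
        return False

# Constructed sample events (not real traffic): (time in seconds, source, destination)
EVENTS = [
    (0.0, "198.51.100.7", "203.0.113.10"), (1.0, "192.0.2.10", "203.0.113.10"),
    (2.0, "198.51.100.7", "203.0.113.11"), (3.0, "192.0.2.10", "203.0.113.10"),
    (4.0, "198.51.100.7", "203.0.113.12"), (5.0, "192.0.2.10", "203.0.113.10"),
    (20.0, "192.0.2.10", "203.0.113.11"), (40.0, "192.0.2.10", "203.0.113.12"),
]

def flagged_sources(events, **kwargs):
    det = FanOutDetector("203.0.113.0/24", **kwargs)
    return sorted({src for ts, src, dst in events if det.observe(ts, src, dst)})
```

In the sample, 192.0.2.10 also reaches three distinct addresses, but spread over 40 seconds, so it is only listed if the window is widened; repeated connections to the same address never count more than once.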