Tested on: RB951Ui-2HnD, ver 6.38.7 (Bugfix only)
App used in the attack: synflooder Version2
The app flooded the server IP on port 80. Result: CPU at 100% and denial of service for the duration of the attack.
Even with a firewall filter on the drop chain, the CPU was at 100%.
The only solution was to block the flooder IP on the hotspot.
[Picture: with IP binding block on]
[Picture: without]
Protection setup
Firewall rule:
/ip firewall filter
add action=add-src-to-address-list address-list=flooder-list \
    address-list-timeout=5m chain=pre-hs-input comment="flood detect" \
    connection-limit=400,32 log=yes log-prefix=flooder protocol=tcp
The script must run every 5 minutes or less to block the attackers' IPs fast. Under heavy attack, set the address-list timeout to 50 seconds and run the script every 45 seconds.
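{
# block every address currently in flooder-list with a hotspot IP binding
:local x
:foreach i in=[/ip firewall address-list find list="flooder-list"] do={
    :set x [/ip firewall address-list get $i address]
    # skip addresses that already have a binding so repeated runs add no duplicates
    :if ([:len [/ip hotspot ip-binding find address=$x]] = 0) do={
        /ip hotspot ip-binding add address=$x type=blocked
    }
}
}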
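To review what the rule's log=yes log-prefix=flooder setting recorded, the following counts rule hits per source address in exported log text. It is an added example, not part of the original post; the sample lines are constructed, their layout is an assumed RouterOS v6 firewall log format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample log text. The line layout is an assumption about the
# RouterOS v6 firewall log format; adjust LINE_RE if your export differs.
SAMPLE_LOG = """\
jan/02 10:15:01 firewall,info flooder pre-hs-input: in:bridge-hs out:(none), src-mac 02:00:00:aa:bb:01, proto TCP (SYN), 10.5.50.23:51001->10.5.50.1:80, len 60
jan/02 10:15:01 firewall,info flooder pre-hs-input: in:bridge-hs out:(none), src-mac 02:00:00:aa:bb:01, proto TCP (SYN), 10.5.50.23:51002->10.5.50.1:80, len 60
jan/02 10:15:02 firewall,info flooder pre-hs-input: in:bridge-hs out:(none), src-mac 02:00:00:aa:bb:01, proto TCP (SYN), 10.5.50.23:51003->10.5.50.1:80, len 60
jan/02 10:15:02 firewall,info flooder pre-hs-input: in:bridge-hs out:(none), src-mac 02:00:00:aa:bb:02, proto TCP (SYN), 10.5.50.77:40000->10.5.50.1:80, len 60
jan/02 10:15:03 hotspot,info,debug user1 (10.5.50.40): logged in
jan/02 10:15:04 firewall,info dropped input: in:ether1 out:(none), proto TCP (SYN), 203.0.113.9:1234->10.5.50.1:22, len 60
"""

# Match only lines written by the rule with log-prefix=flooder, then pull the
# source address out of the "src:port->dst:port" field.
LINE_RE = re.compile(
    r"firewall,info flooder \S+: .*?proto TCP \([^)]*\), "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+->"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def flooder_hits(log_text):
    """Return a Counter of rule hits per source IP; other lines are ignored."""
    hits = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if match:
            hits[match.group("src")] += 1
    return hits


def repeat_sources(hits, minimum):
    """Return the sorted source IPs that triggered the rule at least `minimum` times."""
    return sorted(ip for ip, count in hits.items() if count >= minimum)


if __name__ == "__main__":
    counts = flooder_hits(SAMPLE_LOG)
    for ip, count in counts.most_common():
        print(f"{ip}\t{count}")
    print("repeat sources:", repeat_sources(counts, 2))
```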

