Hello ,
I could not find a clear source anywhere, either. When the SYN-Cookie protection on Mikrotik devices is activated, which of the following images behaves like?
http://prnt.sc/vkxth4
http://prnt.sc/vkxtgn
Kind regards
SYN cookies do not do anything to protect against volumetric attacks.
Acts according to the information at https://tr.wikipedia.org/wiki/SYN_cookies.
You can test it by typing the appropriate dst limit into your raw table.
add chain=prerouting protocol=tcp tcp-flags=syn,rst action=drop
add action=drop chain=prerouting protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=jump chain=prerouting jump-target=RAW_SYN_ACK protocol=tcp tcp-flags=syn,ack
add action=return chain=RAW_SYN_ACK dst-limit=32,32,src-and-dst-addresses/10s protocol=tcp tcp-flags=syn,ack
add action=drop chain=RAW_SYN_ACK
I think SYN cookie in RouterOS is only active for TCP connections to the router itself, not when handling forwarded traffic.