Hello,
I need some help before some days I have an atack on mikrotik router and evrything goes down now it sems to be an ddos atack does anybody know any way to defend or prevent these kind of atacks.
Thanks
I also am getting DOS attacks on my network - they are from random addresses on random ports!!!
I setup a 2k queue for all ICMP traffic and this seems to have helped. It drops some ICMP traffic during busy periods but all other traffic seems to work fine…
I’ve created a SynFlood firewall chain that I pass things thru. I believe this is working, but not 100% sure it’s the optimal values:
0 in-interface=level3.1 protocol=tcp tcp-options=syn-only limit-count=100 limit-burst=5 limit-time=1s action=return
1 in-interface=level3.1 protocol=tcp tcp-options=syn-only action=drop
so i’ve creat a new chain with name “SynFlood” then i create this
0 src-address=0.0.0.0/0:0-65535 in-interface=all
dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=tcp
icmp-options=any:any tcp-options=syn-only connection-state=any flow=""
connection="" content="" src-mac-address=00:00:00:00:00:00
limit-count=100 limit-burst=5 limit-time=1s action=return log=no
1 src-address=0.0.0.0/0:0-65535 in-interface=all
dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=tcp
icmp-options=any:any tcp-options=syn-only connection-state=any flow=""
connection="" content="" src-mac-address=00:00:00:00:00:00
limit-count=0 limit-burst=0 limit-time=0s action=drop log=no
is that ok