Is RB951G-2HND Safe From DDOS ?, Is there any way to prevent this ?, before this I use D-Link wireless router and if DDOS by someone my CCTV and smart home system is also crash, can I prevent that happen again to my system ?
*DDOS effect is very fatal, loose access to open my door, etc, because door lock is electric, controlled by arduino and raspberry pi, connected via wireless router
From router to house boundaries wall is nearby 3 meters, can I use firewall, limit wireless strength, or do another stuff to prevents that DDOS happen again ?
Hi, not sure if this topic belongs to wireless networking but anyway…
To understand the basics you need to answer 2 questions:
1.what is your ISP uplink bandwidth and how is your ISP managing traffic when it reaches\exceeds this limitation ?
2.Is there enough router CPU performance to handle full loaded uplink channel with firewall rules made to drop DDoS traffic?
So RB951G-2HND got a single core AR9344 running at 600Mhz(default)
as we can see from its’ test results https://mikrotik.com/product/RB951G-2HnD#fndtn-testresults it can forward up to ~60Kpps(60 000packets per second) while having 25 active ip filter rules(more rules or very complicated ones, less packets per second btw) which means that in the worst case scenario:
attacker uses 64byte packet size this router can forward up to 60000packets64bytes8 ~ 31MBits\s * , if the number of packets exceeds 60 000 router’s cpu will start to “loose” packets it cannot handle.(you saw the result with your d-link router)
Another possibility is to mess with wireless. Either hack it to gain access to LAN or create enough interference for clients (door lock, CCTV) to drop off wireless network. Either is hard to defend against determined attacker (unless one uses some appropriately sized drill bits and installs some UTP cables).
With all respect but using such important devices like door lock on wlan or even not separate them from other net when connected by UTP is stupid =)
also using ipcams on wlan is not the best idea