TCP flood protection is OK, but is there any feature to drop UDP & DNS floods?
cavital -
I would think that a standard firewall rule would do what you are looking for…here is the one I use for pings.
chain=input connection-mark=ping limit=10,20 action=accept
Of course I marked the packet in IP / Firewall / Mangle first…
The above line says allow 10 per second with a burst of 20 …
Can I use this answer for UDP flood & DNS flood? It still makes my bandwidth full.
It came from many IPs.
Today I saw a UDP flood attack on one of my MikroTik routers. There’s no tarpit in UDP; what should I do?
Block just counts up the packets! It doesn’t stop the flood packets from being received!
Is it effective to use limitations?
Firewall filter ‘connection-limit’ works with UDP.
Read Chupaka’s post about DDoS blocking:
http://forum.mikrotik.com/t/ddos-story-or-warning-use-conection-limit-with-caution/49743/1
HTH,
Also, tarpit does not make any sense for UDP connections, as there are no connections when talking about UDP as it can be sent no matter what other end is responding.
Yes, I know UDP is connectionless, yanisk!
The purpose was what can be done about UDP flood attacks. I hadn’t enough time, and changing the IP address of that router didn’t help!
I requested to ban my IP from the network core (telecom company) and change the IP to a new one in that range.
I set the firewall rules with limitations for UDP floods and am waiting for them to count up in future.
I think I should simulate a UDP attack and defence in my workshop and do some research in time.
Thanks a lot.
simple enough to stage - UDP bandwidth-test
The solution suggested by Chupaka is also quite elegant.
Thanks for reminding, I forgot the bandwidth test tool.
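An added illustration (not code from this thread or from MikroTik) of two points raised above: what a `limit=10,20` rule accepts during a flood, and why the inbound link stays full regardless. It assumes the matcher behaves as a plain token bucket shared by all sources; the traffic, packet size and function names are constructed for the example.

```python
from collections import Counter

US = 1_000_000  # microseconds per second; integer time avoids float drift


def simulate_limit(packets, rate=10, burst=20):
    """Token-bucket model (an assumption) of one `limit=rate,burst` rule.

    packets: list of (time_us, label) sorted by time.
    Returns (accepted, dropped) Counters keyed by label.
    """
    tokens = burst * US  # bucket starts full; one packet costs US units
    last = None
    accepted, dropped = Counter(), Counter()
    for t, label in packets:
        if last is not None:
            # Refill at `rate` tokens per second, capped at `burst`.
            tokens = min(burst * US, tokens + (t - last) * rate)
        last = t
        if tokens >= US:
            tokens -= US
            accepted[label] += 1
        else:
            dropped[label] += 1
    return accepted, dropped


def inbound_bps(packets, packet_bytes, seconds):
    """Load on the WAN link: every packet counts, accepted or not."""
    return len(packets) * packet_bytes * 8 // seconds


def constructed_traffic(seconds=10, flood_pps=5000, legit_pps=5):
    """Constructed sample: a steady flood plus one slow legitimate sender."""
    flood = [(i * US // flood_pps, "flood") for i in range(flood_pps * seconds)]
    legit = [(i * US // legit_pps + 100, "legit")
             for i in range(legit_pps * seconds)]
    return sorted(flood + legit)


if __name__ == "__main__":
    pkts = constructed_traffic()
    ok, bad = simulate_limit(pkts)
    print("accepted:", dict(ok), "dropped:", dict(bad))
    print("inbound Mbit/s:", inbound_bps(pkts, 1000, 10) / 1e6)
```

In this model the rule caps what reaches the router's services at about 10 packets per second, but the legitimate sender shares the same bucket and loses almost all of its packets, and the link still carries the full flood because dropping happens only after the packets have arrived.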