Hello!
I got a DDoS on my router (RB751G-2hnd) from the ether1 port.
I could fix it only after 10 hours of DDoS by adding a rule to the firewall.
All this time the router had 100% CPU load.
After this, on the ports with the 192.168/16 subnet:
The router responds to only 1 of 20-30 pings, with 2000-3000 ms response time.
Winbox works very, very slowly.
All packets from or to the 192.168/16 subnet flow very, very slowly or don't flow at all.
The CPU has 0-3% load.
I didn't do anything except add one rule to the firewall that drops all packets from the evil IP.
Removing this rule doesn't help.
I have this config:
ether1 - gateway to the internet with DHCP client
ether2-ether4 - switch with the 192.168/16 subnet
ether5-wlan1 are bridged; the bridge has the 172.16.1/24 subnet
On ether5 and over Wi-Fi the router works perfectly.
Connecting to Winbox by MAC address works perfectly (from all ports).
A full reset and restoring the backup didn't help.
Firmware 6.22.
I noticed that adding a rule to the firewall makes the router go crazy. Any work with firewall rules can make my router go crazy.
Could it be some kind of memory breakage?
Your router probably doesn't have ECC. Aside from that, try rebooting. You should make a firewall rule that tarpits TCP and drops the rest on input. I have 3 networks on my CCR and I managed to make a working firewall rule set that handles all attacks well, even with the services I run on the CCR and the dual NAT setup, which is a complicated network setup.
Without a firewall rule, all traffic that goes to the router on input is handled like on a normal Linux server. Without the firewall rule to drop it, you would get DDoSed easily. As a normal Linux server, RouterBOARDs don't have the CPU power that normal x86 boxes do.
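As an added example (not from the thread and not SystemErrorMessage's own rule set), here is one way to write the input-chain policy described in the reply above in RouterOS syntax: accept what the router itself initiated, keep LAN management reachable, tarpit TCP arriving on the WAN port, drop everything else on it. The interface name ether1 and the two LAN subnets are assumptions taken from the original poster's description; the address-list name `lan` is invented for this example.

```routeros
# Added example, not from the thread. ether1 = WAN, 192.168.0.0/16 and
# 172.16.1.0/24 = LAN are assumptions from the poster's description.
# Firewall rules are evaluated top to bottom, so the order below matters.
/ip firewall address-list
add list=lan address=192.168.0.0/16 comment="assumed switched LAN subnet"
add list=lan address=172.16.1.0/24 comment="assumed bridged LAN/Wi-Fi subnet"

/ip firewall filter
# Replies to the router's own connections (DHCP client on ether1, DNS, NTP)
# are matched first so they never reach the tarpit/drop rules.
add chain=input action=accept connection-state=established,related \
    comment="input: existing connections"
# Packets that fit no tracked connection are cheap to discard here.
add chain=input action=drop connection-state=invalid \
    comment="input: drop invalid"
# Management (Winbox, SSH, ping) from the LAN stays reachable whatever follows.
add chain=input action=accept src-address-list=lan \
    comment="input: allow LAN to router"
# Everything else arriving on the WAN port: answer TCP SYNs but hold the
# connection open so the sender stalls (tarpit), and drop non-TCP.
add chain=input action=tarpit protocol=tcp in-interface=ether1 \
    comment="input: tarpit TCP from WAN"
add chain=input action=drop in-interface=ether1 \
    comment="input: drop the rest from WAN"
```

Two caveats a practitioner would want: the LAN accept rule must sit above the tarpit/drop rules, or adding the set over Winbox from the LAN locks you out; and tarpit is not free, since the router still answers every SYN and tracks the held connection, so under a flood that is already pinning the CPU a plain drop on the WAN port is the cheaper choice. `/ip firewall filter print stats` shows per-rule packet and byte counters, which is the quickest way to confirm which rule the attack traffic is actually hitting.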
Thanks for the advice, SystemErrorMessage.
I don't have a DDoS now, but I have some consequences.
I think something in the hardware is broken. I've checked the whole config; everything is fine. But my router goes crazy when I'm trying to add a rule to the firewall or when traffic flows through some firewall rules.