Hi Support, we are observing continous RX traffic.
Tried all forum scripts and options, its still going one.
screenshot attached
Hi
wan interface drop incoming traffic only accept ports you allow
add action=drop chain=input in-interface-list=WAN
This is a user-to-user forum, not official MikroTik support.
screenshot attached
Are you sure it isn’t a QUIC download?
this is core router which has 2 upstream bgp
router os is 6.47.10
if I disable WAN, it will completely drop all traffic [aprox 900Mbps]
Non sequitur. What I’m asking is, how do you know one of your users isn’t simply downloading a big file from this 41 address?
the IP that I am getting this RX traffic are already disabled. This is going on for the last 15-17 hours continous.
And none of my customers have plans bigger than 50Mbps
No forum script or option, and no support for your router, will terminate a stream that others send to you.
You need to ask the support for the sending system. Good luck with that!
you should block it before its enter your router.
call or email your uplink service provider, if that truly ddos or flooding.
Without seeing your config, wont care to speculate
/export hide-sensitive file=anynameyouwish
I contacted upstream and they advised bgp-community blackhole, they shared with me the bgp community and I have created /32 prefix with the set-bgp-community which is my IP received all the 300Mbps capacity. It also shows on the bgp-advertisements. However when I torch the WAN interface I am still receiving the attack on my /32 IP.
Any other suggestions?
How I survived a DDoS attack youtube video by Jeff Geerling