TCP SYN Flood attack causing high cpu

It is almost the end of 2024 and I’m suffering from the exact same problem mentioned.

My router is a CCR1036 and is using RouterOS 7.

Can anyone please suggest a better solution for the issue?

Please describe the usage of the CCR1036… because there are different types of firewall configs to use depending on the scenario..

1- running as BGP ? ASN sessions?
2- running as CGNAT ?
3- running as PPPoE server?

the ideal scenario for DDoS is not using connection tracking, not using ip/firewall/nat or filter rules.. for example if you are running just BGP on the box.. use only ip/firewall/raw to drop all attack vector packets before processing them on the CPU, that's what explodes CPU usage on the devices..

on ip settings enable rp-filter loose, and enable tcp-syncookie

drop all ports from 0-1023 on udp and tcp..

ports 1900 ssdp upnp used on attacks also.. this should never be enabled on BGP side core router.. 11200 memcached also..

on ip/settings disable route cache on BGP.. and connection tracking enabled no.. this will increase a lot … obviously there are other types of attacks…

you have v7 RouterOS today, and you have cheap Xeon servers Dell R630 with E52699v4 total 88 cores at 2.4GHz clock rates.. they are 20x superior to CCR1036 routing.. and cheaper.. running v7 x86_64 with L6 and 10G/25G/100G PCI-e 3.0 x16 Mellanox cards.. can give you 10x better results than CCR2216 for example.. and much cheaper.. you just need to understand what you need..

because x86_64 cannot do switch chip hardware L3 like the newer CCR2116 and CCR2216 models.. but then again you need to look at the datasheets of the hardware to understand on which protocols the switch chip works.. for the ISP scenario… it does not run CGNAT on the switch chip, it does not run the BGP protocol on the switch chip, it does not run pppoe-simple queues on the switch chip.. so all this ends up eating CPU from the ARMs.. that's where people don't understand…

whilst x86_64 v7 multi-CPU support servers can do 10x more traffic on these protocols because they have extra cores with higher clock rates..

the higher the clock rate the better for PPPoE-simple-queues.. for bandwidth control.. the more CPU cores available the better for CGNAT and NAT rules..

the higher the clocks and the more cores available the better for BGP full-route sessions, to bring them up quicker than the slow CCR1036 Tilera 1GHz cores used from more than a decade ago..
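
A RouterOS v7 sketch of the settings named in the post above (rp-filter, SYN cookies, no connection tracking, raw-table drops), as an added example that is not part of the original post. The `WAN` interface list, `ether1`, the `bgp-peers` and `router-self` address lists and the RFC 5737 addresses are assumptions; the drops are scoped to the router's own addresses so forwarded customer traffic is not matched.

```routeros
# Added example; list names, ether1 and all addresses are constructed placeholders.

# Loose reverse-path filtering and SYN cookies, as suggested in the post.
/ip settings set rp-filter=loose tcp-syncookies=yes

# Stateless operation: with tracking off, NAT and stateful filter rules stop working,
# so this only fits a box that does plain routing/BGP.
/ip firewall connection tracking set enabled=no

# Assumed upstream-facing interface list.
/interface list add name=WAN
/interface list member add list=WAN interface=ether1

/ip firewall address-list
add list=bgp-peers address=192.0.2.1 comment="constructed upstream peer"
add list=router-self address=192.0.2.2 comment="constructed router address"

/ip firewall raw
# Accept BGP (TCP 179) with known peers first, whichever side opened the session,
# otherwise the 0-1023 drops below would also take down the BGP sessions.
add chain=prerouting action=accept protocol=tcp dst-port=179 src-address-list=bgp-peers
add chain=prerouting action=accept protocol=tcp src-port=179 src-address-list=bgp-peers

# SSDP/UPnP (UDP 1900) aimed at the router itself.
add chain=prerouting action=drop protocol=udp dst-port=1900 \
    in-interface-list=WAN dst-address-list=router-self

# Well-known ports 0-1023 aimed at the router itself. This also drops SSH (22)
# from WAN, so manage the router from a trusted interface.
add chain=prerouting action=drop protocol=tcp dst-port=0-1023 \
    in-interface-list=WAN dst-address-list=router-self
add chain=prerouting action=drop protocol=udp dst-port=0-1023 \
    in-interface-list=WAN dst-address-list=router-self
```

Rule order matters in the raw table: the accept rules must stay above the drops, and the per-rule packet counters show which drop rule is absorbing the flood.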

What are you doing that is attracting an attack??

@PortalNET why uselessly necroposting?
Are you convinced that it’s still there waiting for a reply since September 2024?

Nice question… but the user has never logged on to the forum since 27th September 2024…
It is just a one-post-wait-immediate-reply-and-go-away user.

Nah, the user still didn’t recover from the DoS attack … due to the still ongoing attack he could not read replies to his post.

:laughing: :laughing: :laughing: