hello all, I have a problem in one of my public ips are victims of syn flood attacks. I have a 2500MHz Celeron PC, 512MB RAM, ros 4.11. what kind of rules I can add to “/ ip firewall filter.” help me
/ip firewall connection tracking
set tcp-syncookie=yes
http://wiki.mikrotik.com/wiki/DoS_attack_protection
Info regarding syncookies.
http://forum.mikrotik.com/t/tcp-syncookie/6487/3
http://lwn.net/Articles/277146/
http://en.wikipedia.org/wiki/SYN_cookies
http://cr.yp.to/syncookies.html
I also found the scene where flooded with packets with the ACK bit, the router responds with a RST. is an issue that consumes bandwidth, tcp-syncookies is not a solution. any idea to solve
If your problem is bandwidth consumption the ONLY solution is to have someone upstream block the packets. The link blake posted to the Mikrotik wiki contains pretty much the things you can do on your router, but of course nothing can solve the issue of an uplink being saturated by DoS attacks other than your upstream not putting the packets on the wire in the first place.