Several of our Mikrotiks are experiencing huge amounts of DNS requests from zing.zong.co.ua is there anyway we can block this kind of malicious activity on the Mikrotik automatically?
Yes. It is hundred times all around. Read forum fist before you write…
I have and I have tried several of the suggestions with no luck.
So you should describe what you did and with what results.
I have tried the following…
Changing my DNS settings to various different servers,
Blocking out the domain of the Name in question (zing.zong.ca.au) using the firewall drop
adding this to the firewall to tarpit the fns
/ip firewall filter add chain=input protocol=tcp connection-limit=LIMIT,32 action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d
/ip firewall filter add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit
none of the above has worked for me.
Are you sure the DNS requests come by tcp?
I have a tcp port 53 tarpit on my VPN gateway - 16 packets since 1st of March.
And a drop rule for udp port 53, more than 500’000 packets since 1st of March…
Maybe you should try this.
Cheers
-Chris
Sure. Add general drop for tcp and udp port 53 coming from inbound wan interface.