Community discussions

MikroTik App
 
CR24
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Dec 04, 2013 10:32 pm

BGP IP Issue

Fri Jun 15, 2018 10:47 am

I recently setup BGP with a couple ISPs but I am not having any issues on the BGP setup itself, that works perfectly. The issue I am having is I bought a /24 block off an Auction site, since ARIN is no longer giving any out this was my only option, and it seems this block was HEAVILY used, when I go to the connections log there are IPs from everywhere trying to connect to anything and everything.

So my question is, is there a way to setup a script or some sort of filtering to drop or add the source IPs to a blacklist. All of these connections are just constantly in a "Syn Sent" state, I attached a screenshot of a small portion of the connection log, there are many more.
You do not have the required permissions to view the files attached to this post.
Last edited by CR24 on Mon Jun 18, 2018 8:28 pm, edited 1 time in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7044
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP IP Issue

Fri Jun 15, 2018 11:29 am

Use firewall with dst-limit and add-to-address-list action.
 
CR24
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Dec 04, 2013 10:32 pm

Re: BGP IP Issue

Fri Jun 15, 2018 6:35 pm

What would be a safe number to still allow my actual users to get through?


I am running the below rules (this IP block is not being used for live users right now, so every hit is an unwanted IP and my blacklist is already over 1500 entries in the 2 minutes it has been running)



/ip firewall filter
add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=\
    2w chain=input comment="Rate Limit" dst-address=0.0.0.0/24 dst-limit=\
    10,10,src-address/1m40s protocol=tcp tcp-flags=syn
add action=add-src-to-address-list address-list=BLACKLIST address-list-timeout=\
    2w chain=forward dst-address=0.0.0.0/24 dst-limit=\
    10,10,src-address/1m40s protocol=tcp tcp-flags=syn
 
User avatar
sri2007
Member Candidate
Member Candidate
Posts: 205
Joined: Wed May 20, 2015 10:14 pm
Location: Lake Grove, NY

Re: BGP IP Issue

Mon Jun 18, 2018 12:58 pm

Yep, you'll need new firewall rules at all of your sites who have any public IP address configured.
 
CR24
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 61
Joined: Wed Dec 04, 2013 10:32 pm

Re: BGP IP Issue

Mon Jun 18, 2018 5:35 pm

Yeah, rules for Static IPs are the easy part, the hard part is allowing connectivity for Dynamic IPs and IPs from indirect customers.


Are there no filtering options for connections that are constantly in a "syn sent" state?

Who is online

Users browsing this forum: No registered users and 10 guests