with this creating dynamic ip's..to stop dos attacks.......and if you use Mr. Chupaka formula here.... what firewall rule is used to allow your dns to still work so customers can still get to the internet ...thank you for your time....
/ip firewall filter
add action=jump chain=forward comment=Detect-Ddos connection-state=new \
disabled=no in-interface=ether1 jump-target=detect-ddos
add action=return chain=detect-ddos comment=DOS-Exceptions disabled=no \
src-address-list=DOS-Exceptions
add action=return chain=detect-ddos comment=Detect-Ddos disabled=no \
dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
1w chain=detect-ddos comment=Detect-Ddos disabled=no
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
1w chain=detect-ddos comment=Detect-Ddos disabled=no
add action=drop chain=forward comment=Detect-Ddos connection-state=new \
disabled=no dst-address-list=ddosed src-address-list=ddoser
Re: dos attack
is this the correct way?
add address=10.0.0.0/8 list=DNS_Accept
add address=192.168.0.0/16 list=DNS_Accept
add action=jump chain=forward comment="DoS Attack 1" connection-state=new \
disabled=yes jump-target=detect-ddos
add action=return chain=detect-ddos comment="DoS Attack 2" disabled=yes \
dst-limit=1,5,dst-address src-address-list=DNS_Accept
add action=return chain=detect-ddos comment="DoS Attack 3" disabled=yes \
dst-limit=1,5,dst-address src-address-list=DNS_Accept
add action=return chain=detect-ddos comment="DoS Attack 4" disabled=yes \
dst-limit=1,5,dst-address src-address=192.168.0.0/16
add action=return chain=detect-ddos comment="DoS Attack 5" disabled=yes \
dst-limit=1,5,dst-address src-address=10.0.0.0/8
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
10s chain=detect-ddos comment="DoS Attack 8" disabled=yes
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
10s chain=detect-ddos comment="DoS Attack 9" disabled=yes
add action=drop chain=forward comment="DoS Attack 10" connection-state=new \
disabled=yes dst-address-list=ddosed src-address-list=ddoser
I need a pro's advice.....is or will this help me and my 8 customers from being attacked and still all of us be able to surf the web....thank you for your time
add address=10.0.0.0/8 list=DNS_Accept
add address=192.168.0.0/16 list=DNS_Accept
add action=jump chain=forward comment="DoS Attack 1" connection-state=new \
disabled=yes jump-target=detect-ddos
add action=return chain=detect-ddos comment="DoS Attack 2" disabled=yes \
dst-limit=1,5,dst-address src-address-list=DNS_Accept
add action=return chain=detect-ddos comment="DoS Attack 3" disabled=yes \
dst-limit=1,5,dst-address src-address-list=DNS_Accept
add action=return chain=detect-ddos comment="DoS Attack 4" disabled=yes \
dst-limit=1,5,dst-address src-address=192.168.0.0/16
add action=return chain=detect-ddos comment="DoS Attack 5" disabled=yes \
dst-limit=1,5,dst-address src-address=10.0.0.0/8
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
10s chain=detect-ddos comment="DoS Attack 8" disabled=yes
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
10s chain=detect-ddos comment="DoS Attack 9" disabled=yes
add action=drop chain=forward comment="DoS Attack 10" connection-state=new \
disabled=yes dst-address-list=ddosed src-address-list=ddoser
I need a pro's advice.....is or will this help me and my 8 customers from being attacked and still all of us be able to surf the web....thank you for your time
Who is online
Users browsing this forum: No registered users and 69 guests