satish143
Frequent Visitor
Topic Author
Posts: 52
Joined: Fri Jan 22, 2016 9:54 pm

CCR-1036 got rebooted with DDoS

Sat Jan 23, 2016 5:05 pm

I have a CCR-1036, and to test it I have plugged it directly into a Linux box to test network performance. I have added a single iptables rule to check firewall performance and ran the following command:
hping3 --udp --data 1024 --spoof --rand-source 192.168.88.1 
Booooom!! The MikroTik rebooted in 30 seconds. I am able to reproduce it each and every time... Anybody know what is going on?
 
Revelation
Member
Posts: 336
Joined: Fri Dec 25, 2015 5:59 am

Re: CCR-1036 got rebooted with DDoS

Wed Jan 27, 2016 3:57 am

Pay attention to Memory usage and CPU while you run the test. If you are hitting a max in one of those, yep, that can happen. In fact it can happen to any vendor.

Further, what RouterOS are you running?
 
kurtkraut
Frequent Visitor
Posts: 74
Joined: Wed Feb 15, 2012 2:55 am

Re: CCR-1036 got rebooted with DDoS

Wed Jan 27, 2016 6:54 am

> In fact it can happen to any vendor.

Absolutely true. I acquired my first pair of Junipers (MX104, quite expensive) and they behaved the same. DDoS? Bam! The whole box went offline. It didn't reboot but spent a couple of minutes unresponsive while dropping all BGP sessions and all connections in the meantime. The uptime didn't reset but the consequences were the same.

The reason? This feature was enabled. I had to turn it off.
 
satish143
Frequent Visitor
Topic Author
Posts: 52
Joined: Fri Jan 22, 2016 9:54 pm

Re: CCR-1036 got rebooted with DDoS

Wed Jan 27, 2016 11:27 pm

> Pay attention to Memory usage and CPU while you run the test. If you are hitting a max in one of those, yep, that can happen. In fact it can happen to any vendor.
>
> Further, what RouterOS are you running?

I have checked my CPU load; it was around 30-40%, and it has tons of memory, 16G and plenty free. I can understand handling DDoS isn't fun... But it's a normal amount of DDoS. The CCR-1036 has a 10G fiber port and I am going to hook up 10G fiber. If it can't handle a 500Mbps DDoS attack, then how the hell can it handle other nasty outside attacks?

My lab attack is a simple hping3 throwing random sources. I have checked that the attack size is 500Mbps and it's opening 500k tracking connections.

I have run the same test on a Linux-based firewall with the same iptables rules, and the Linux firewall is handling 1 million connections without a single dropped packet.

I want benchmark results before I move this piece into production. If it gets rebooted by a small hping3 command, I need to think about it... :(
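
Added example (not part of the thread or any poster's code): a Python sketch of how the pattern described in the post above, a connection-tracking table filling with unanswered UDP entries that each come from a different source, could be spotted in `conntrack -L` style output on the Linux firewall. The function names, thresholds and sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The first src=/dst= pair on a line is the original direction of the flow.
FIELD = re.compile(r"\b(src|dst)=(\S+)")

def parse_entry(line):
    """Parse one `conntrack -L` style line; None for non-UDP or malformed lines."""
    if "udp" not in line.split()[:3]:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # ignore the reply-direction tuple
    if len(fields) < 2:
        return None
    fields["unreplied"] = "[UNREPLIED]" in line
    return fields

def flood_suspects(lines, min_entries=100, min_unreplied=0.9, min_spread=0.9):
    """Destinations whose UDP entries are mostly unanswered, one entry per source."""
    per_dst = defaultdict(lambda: {"total": 0, "unreplied": 0, "sources": set()})
    for entry in filter(None, map(parse_entry, lines)):
        stats = per_dst[entry["dst"]]
        stats["total"] += 1
        stats["unreplied"] += entry["unreplied"]
        stats["sources"].add(entry["src"])
    suspects = []
    for dst, s in per_dst.items():
        unreplied = s["unreplied"] / s["total"]
        spread = len(s["sources"]) / s["total"]  # 1.0 = every entry has its own source
        if s["total"] >= min_entries and unreplied >= min_unreplied and spread >= min_spread:
            suspects.append((dst, s["total"], round(unreplied, 2), round(spread, 2)))
    return sorted(suspects, key=lambda t: -t[1])

def constructed_sample():
    """Constructed data: 300 unanswered single-source flows plus ordinary DNS lookups."""
    flood = [f"udp 17 29 src=198.18.{i // 250}.{i % 250 + 1} dst=192.168.88.1 "
             f"sport={1024 + i} dport=0 [UNREPLIED] src=192.168.88.1 "
             f"dst=198.18.{i // 250}.{i % 250 + 1} sport=0 dport={1024 + i} mark=0 use=1"
             for i in range(300)]
    dns = [f"udp 17 170 src=192.168.88.{10 + i % 5} dst=192.0.2.53 sport={40000 + i} "
           f"dport=53 src=192.0.2.53 dst=192.168.88.{10 + i % 5} sport=53 "
           f"dport={40000 + i} [ASSURED] mark=0 use=1" for i in range(150)]
    return flood + dns

if __name__ == "__main__":
    print(flood_suspects(constructed_sample()))
```

The DNS destination in the sample also has more than 100 entries, but it is not flagged because its flows are answered and come from only five clients.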
 
satish143
Frequent Visitor
Topic Author
Posts: 52
Joined: Fri Jan 22, 2016 9:54 pm

Re: CCR-1036 got rebooted with DDoS

Wed Feb 17, 2016 6:10 pm

Update:

Worked with support on this issue and finally it is resolved in version 6.34rc6 :)

They said they mark this bugfix in 6.34.2+ releases. Any idea when 6.34.2 is coming out?
 
chechito
Forum Guru
Posts: 3007
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: CCR-1036 got rebooted with DDoS

Wed Feb 17, 2016 7:14 pm

It is a specific weakness of your configuration.

If you really want to secure a router,

you need to create rules to police and QoS traffic towards the router to protect it.

In Cisco it's called Control Plane Protection and Control Plane Policing.
