SPDNET
just joined
Topic Author
Posts: 6
Joined: Mon Jun 26, 2017 5:27 pm

Mikrotik SYN Cookie Protection

Tue Nov 17, 2020 8:04 pm

Hello,
I could not find a clear source anywhere, either. When the SYN-Cookie protection on Mikrotik devices is activated, which of the following images does it behave like?

http://prnt.sc/vkxth4
http://prnt.sc/vkxtgn

Kind regards
 
Sanalturkey
just joined
Posts: 3
Joined: Fri Jul 12, 2019 2:45 am

Re: Mikrotik SYN Cookie Protection

Thu Nov 19, 2020 11:49 am

SYN cookies do not do anything to protect against volumetric attacks.

It acts according to the information at https://tr.wikipedia.org/wiki/SYN_cookies.


You can test it by typing the appropriate dst limit into your raw table.
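/ip firewall raw
# Drop TCP packets with both SYN and RST set
add action=drop chain=prerouting protocol=tcp tcp-flags=syn,rst
# Drop TCP packets with none of FIN, SYN, RST or ACK set
add action=drop chain=prerouting protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
# Send SYN-ACK packets to a separate chain, pass those within the dst-limit, drop the rest
add action=jump chain=prerouting jump-target=RAW_SYN_ACK protocol=tcp tcp-flags=syn,ack
add action=return chain=RAW_SYN_ACK dst-limit=32,32,src-and-dst-addresses/10s protocol=tcp tcp-flags=syn,ack
add action=drop chain=RAW_SYN_ACK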
 
pe1chl
Forum Guru
Posts: 7050
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik SYN Cookie Protection

Thu Nov 19, 2020 11:55 am

I think SYN cookie in RouterOS is only active for TCP connections to the router itself, not when handling forwarded traffic.
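
Added example, not part of the thread and not RouterOS or Linux code: a minimal Python model of the classic SYN cookie layout described in the linked article (5-bit time counter, 3-bit MSS index, 24-bit keyed hash), showing that the server keeps no per-connection state until a valid final ACK arrives. The secret, the MSS table, the use of HMAC-SHA256 and the function names are assumptions made for illustration.

```python
import hashlib, hmac, socket, struct

SECRET = b"constructed-demo-secret"   # assumption: secret known only to the server
MSS_TABLE = (216, 536, 1024, 1220, 1360, 1440, 1452, 1460)  # constructed 8-entry table

def _mac24(conn, t):
    """24-bit keyed hash over the 4-tuple and the time counter t."""
    src, sport, dst, dport = conn
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!HHI", sport, dport, t)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]

def make_cookie(conn, client_mss, now):
    """Sequence number for the SYN-ACK; nothing is stored per connection."""
    t = int(now) >> 6                                  # counter, one step per 64 s
    m = max((i for i, v in enumerate(MSS_TABLE) if v <= client_mss), default=0)
    return ((t & 31) << 27) | (m << 24) | int.from_bytes(_mac24(conn, t), "big")

def check_ack(conn, ack_num, now, max_age=1):
    """Return the negotiated MSS if the final ACK carries a valid cookie, else None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF                # client ACKs cookie + 1
    t_now = int(now) >> 6
    for age in range(max_age + 1):                     # accept current and previous step
        t = t_now - age
        if (t & 31) != cookie >> 27:
            continue
        if hmac.compare_digest(_mac24(conn, t), (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return MSS_TABLE[(cookie >> 24) & 7]       # state is created only now
    return None

if __name__ == "__main__":
    conn = ("198.51.100.7", 40000, "203.0.113.1", 443)  # constructed 4-tuple
    now = 1_700_000_000
    c = make_cookie(conn, 1400, now)
    print(hex(c), check_ack(conn, (c + 1) & 0xFFFFFFFF, now))      # valid handshake
    print(check_ack(conn, (c + 2) & 0xFFFFFFFF, now))              # forged ACK
    print(check_ack(conn, (c + 1) & 0xFFFFFFFF, now + 200))        # stale cookie
```

Every incoming SYN still costs one hash and one SYN-ACK on the wire, so the scheme protects the connection table rather than link capacity.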
