Page 1 of 1

Mikrotik SYN Cookie Protection

Posted: Tue Nov 17, 2020 8:04 pm
by SPDNET
Hello ,
I could not find a clear source anywhere, either. When the SYN-Cookie protection on Mikrotik devices is activated, which of the following images behaves like?

http://prnt.sc/vkxth4
http://prnt.sc/vkxtgn

Kind regards

Re: Mikrotik SYN Cookie Protection

Posted: Thu Nov 19, 2020 11:49 am
by Sanalturkey
SYN cookies do not do anything to protect against volumetric attacks.

Acts according to the information at https://tr.wikipedia.org/wiki/SYN_cookies.


You can test it by typing the appropriate dst limit into your raw table.
add chain=prerouting protocol=tcp tcp-flags=syn,rst action=drop
add action=drop chain=prerouting protocol=tcp tcp-flags=!fin,!syn,!rst,!ack

add action=jump chain=prerouting jump-target=RAW_SYN_ACK protocol=tcp tcp-flags=syn,ack
add action=return chain=RAW_SYN_ACK dst-limit=32,32,src-and-dst-addresses/10s  protocol=tcp tcp-flags=syn,ack
add action=drop chain=RAW_SYN_ACK

Re: Mikrotik SYN Cookie Protection

Posted: Thu Nov 19, 2020 11:55 am
by pe1chl
I think SYN cookie in RouterOS is only active for TCP connections to the router itself, not when handling forwarded traffic.