Community discussions

MikroTik App
 
kashifzai86
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Nov 09, 2015 8:58 am
Location: Karachi

DDoS Attack blocking my Own users - How to fix Users

Sun May 30, 2021 3:04 pm

Hello All.

I have implemented DDoS Rule quite long time, by using this thread https://help.mikrotik.com/docs/pages/vi ... d=28606504

But from few days I'm monitoring that some of my users IP are listing within "DDoS Attackers List" (see attached file for reference) i.e. IP Range with 172.16.x.x. So I disable this rule from IP Firewall --> RAW Tab ( just now) so that users can still use internet.

Question:- I need to know is there any way that I can fix this issue originating from user END?? or Is there any way I would make a rule or any script so that my user having 172.16.x.x ragne never fall in DDoS attacker List??

Please suggest, if any workaround solution is there??
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: DDoS Attack blocking my Own users - How to fix Users

Sun May 30, 2021 4:00 pm

The more important question is why are your users getting caught by your rules.
Suggest the rules need adjusting !!!!!
If all a hacker needs to do is mimic a WANIP address.......................
 
DarkNate
Forum Veteran
Forum Veteran
Posts: 997
Joined: Fri Jun 26, 2020 4:37 pm

Re: DDoS Attack blocking my Own users - How to fix Users

Sun May 30, 2021 4:03 pm

Change in-interface-list to WAN instead to only detect from inbound traffic.
 
johnson73
Member Candidate
Member Candidate
Posts: 172
Joined: Wed Feb 05, 2020 10:07 am

Re: DDoS Attack blocking my Own users - How to fix Users

Sun May 30, 2021 4:51 pm

if you use default rules, you copy these policies before the last "drop input" rule
add action=jump chain=input comment="Dos protect" connection-state=new \
    jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,42,src-and-dst-addresses/10s
add action=return chain=detect-ddos src-address=192.168.88.1
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=\
    1w10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=\
    1w10m chain=detect-ddos
/ip firewall raw
add action=drop chain=prerouting comment=DDos dst-address-list=ddosed src-address-list=ddoser
 
kashifzai86
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Nov 09, 2015 8:58 am
Location: Karachi

Re: DDoS Attack blocking my Own users - How to fix Users  [SOLVED]

Sun May 30, 2021 6:21 pm

Change in-interface-list to WAN instead to only detect from inbound traffic.
Hmmm... Sounds Good... Will do and then see Whats happen

Who is online

Users browsing this forum: adimihaix, coreshock, rplant and 74 guests