Community discussions

 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

Dos Attacks

Wed Jul 31, 2013 7:38 am

Hello,

I have some problem with mikrotik RB 1100 and RB 433.i have public ips for both of them.I configure those Ips to WAN interface while nating on lan interface.for few days i get the problem both of them that wan interface using 3Mbps upload and 3Mbps Download while on the lan interface have 30 kbps upload and 40 kbps download and cpu load become 100%. i am thinking that this is dos attacks. also if any other issue. kindly help me. i shall be very thankful.
 
mistry7
Forum Guru
Forum Guru
Posts: 1323
Joined: Tue Oct 13, 2009 11:57 am
Location: Germany

Re: Dos Attacks

Wed Jul 31, 2013 8:32 am

Please Post your Firewall rules
 
Rudios
Forum Veteran
Forum Veteran
Posts: 966
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Dos Attacks

Wed Jul 31, 2013 8:34 am

Hello,

I have some problem with mikrotik RB 1100 and RB 433.i have public ips for both of them.I configure those Ips to WAN interface while nating on lan interface.for few days i get the problem both of them that wan interface using 3Mbps upload and 3Mbps Download while on the lan interface have 30 kbps upload and 40 kbps download and cpu load become 100%. i am thinking that this is dos attacks. also if any other issue. kindly help me. i shall be very thankful.
How are your devices protected by firewalls? And can you share us your config?
Testing setup with: 2 x RB750UP | 2 x RB750GL | 1 x RB951G-2HnD | 1 x RB2011UiAS-IN
 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

Re: Dos Attacks

Thu Aug 01, 2013 2:54 pm

here is my firewall rules. I just block address

ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; HR Readland
chain=forward action=drop src-mac-address=4C:EB:42:39:20:47

1 ;;; Jawid
chain=forward action=drop src-mac-address=8C:A9:82:40:05:64

2 ;;; khalids
chain=forward action=drop src-mac-address=48:60:BC:0C:7D:36

3 ;;; Omid
chain=forward action=drop src-mac-address=00:22:FB:A3:EA:80

4 ;;; Olive
chain=forward action=drop src-mac-address=4C:80:93:10:02:34

5 ;;; Suffrudin
chain=forward action=drop src-mac-address=54:E6:FC:93:15:23

6 ;;; Olive 2
chain=forward action=drop src-mac-address=18:03:73:9E:B5:B6

7 ;;; Jawid 2
-- [Q quit|D dump|down]
 
fermintrv
just joined
Posts: 8
Joined: Fri May 21, 2010 11:56 am

Re: Dos Attacks

Thu Aug 01, 2013 3:22 pm

Protect your router in input chain for access of not autorized connection, for example:


/ip firewall address-list
add address=192.168.X.X/24 comment="" disabled=no list="Network LAN"
/ip firewall filter
add action=accept chain=input src-address-list="Network LAN"

the rest drop. Use Torch and log for throbleshotting.
 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

Re: Dos Attacks

Thu Aug 01, 2013 6:57 pm

I have problem with WAN side so why i can protect the LAN network
 
Ehman
Member
Member
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Dos Attacks

Thu Aug 01, 2013 7:35 pm

I haven't had time to play around with it, but this might help you.

http://wiki.mikrotik.com/wiki/DoS_attack_protection
 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

Re: Dos Attacks

Fri Aug 02, 2013 3:47 am

i have tried a lot but all in vain. when i disabled my web proxy everything is in normal condition and working smoothly and cpu load become to 1%. So i don't understand that what happening with the proxy.


any body knows about that
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Dos Attacks

Fri Aug 02, 2013 3:57 pm

check your /ip proxy settings, check if you have set that the proxy cache can be saved on system storage. (if you have hotspot on router, proxy is enabled as that is one of basic requirements for hotspot to work)
 
zizobaddy
Member Candidate
Member Candidate
Posts: 107
Joined: Mon Sep 13, 2010 10:13 am

Re: Dos Attacks

Sun Aug 04, 2013 1:23 am

Hi

i had this problem about 1 year ago and i can tell you its a proxy thing (thanks to

Should you wish to keep using proxy add this to you Firewall filter

/ip firewall filter
add action=drop chain=input comment="Block Open PROXY" disabled=no dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0

You should be fine
 
kazim
newbie
Topic Author
Posts: 27
Joined: Tue Feb 14, 2012 3:39 pm

Re: Dos Attacks

Sat Apr 19, 2014 1:44 pm

Thanks a lot

its working with firewall rule
/ip firewall filter
add action=drop chain=input comment="Block Open PROXY" disabled=no dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0

Who is online

Users browsing this forum: Google [Bot] and 88 guests