Dos Attacks

Posted: Wed Jul 31, 2013 7:38 am
by kazim
Hello,

I have a problem with a MikroTik RB 1100 and an RB 433. I have public IPs for both of them. I configured those IPs on the WAN interface while NATing on the LAN interface. For a few days I have had the same problem on both of them: the WAN interface is using 3 Mbps upload and 3 Mbps download while the LAN interface has 30 kbps upload and 40 kbps download, and the CPU load becomes 100%. I am thinking that this is a DoS attack, or perhaps some other issue. Kindly help me. I shall be very thankful.

Re: Dos Attacks

Posted: Wed Jul 31, 2013 8:32 am
by mistry7
Please post your firewall rules.

Re: Dos Attacks

Posted: Wed Jul 31, 2013 8:34 am
by Rudios
How are your devices protected by firewalls? And can you share your config with us?

Re: Dos Attacks

Posted: Thu Aug 01, 2013 2:54 pm
by kazim
Here are my firewall rules. I just block addresses.

ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; HR Readland
chain=forward action=drop src-mac-address=4C:EB:42:39:20:47

1 ;;; Jawid
chain=forward action=drop src-mac-address=8C:A9:82:40:05:64

2 ;;; khalids
chain=forward action=drop src-mac-address=48:60:BC:0C:7D:36

3 ;;; Omid
chain=forward action=drop src-mac-address=00:22:FB:A3:EA:80

4 ;;; Olive
chain=forward action=drop src-mac-address=4C:80:93:10:02:34

5 ;;; Suffrudin
chain=forward action=drop src-mac-address=54:E6:FC:93:15:23

6 ;;; Olive 2
chain=forward action=drop src-mac-address=18:03:73:9E:B5:B6

7 ;;; Jawid 2
-- [Q quit|D dump|down]

Re: Dos Attacks

Posted: Thu Aug 01, 2013 3:22 pm
by fermintrv
Protect your router in the input chain against access from unauthorized connections, for example:


/ip firewall address-list
add address=192.168.X.X/24 comment="" disabled=no list="Network LAN"
/ip firewall filter
add action=accept chain=input src-address-list="Network LAN"

Drop the rest. Use Torch and log for troubleshooting.

Re: Dos Attacks

Posted: Thu Aug 01, 2013 6:57 pm
by kazim
I have a problem on the WAN side, so why should I protect the LAN network?

Re: Dos Attacks

Posted: Thu Aug 01, 2013 7:35 pm
by Ehman
I haven't had time to play around with it, but this might help you.

http://wiki.mikrotik.com/wiki/DoS_attack_protection

Re: Dos Attacks

Posted: Fri Aug 02, 2013 3:47 am
by kazim
I have tried a lot, but all in vain. When I disabled my web proxy, everything returned to normal and worked smoothly, and the CPU load dropped to 1%. So I don't understand what is happening with the proxy.

Does anybody know about that?

Re: Dos Attacks

Posted: Fri Aug 02, 2013 3:57 pm
by janisk
Check your /ip proxy settings; check whether you have set the proxy cache to be saved on system storage. (If you have a hotspot on the router, the proxy is enabled, as that is one of the basic requirements for the hotspot to work.)

Re: Dos Attacks

Posted: Sun Aug 04, 2013 1:23 am
by zizobaddy
Hi

I had this problem about 1 year ago and I can tell you it's a proxy thing (thanks to

Should you wish to keep using the proxy, add this to your firewall filter:

/ip firewall filter
add action=drop chain=input comment="Block Open PROXY" disabled=no dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0

You should be fine

Re: Dos Attacks

Posted: Sat Apr 19, 2014 1:44 pm
by kazim
Thanks a lot

It's working with the firewall rule:
/ip firewall filter
add action=drop chain=input comment="Block Open PROXY" disabled=no dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0
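
Added example, not part of any post in this thread: a Python check over `/ip firewall filter export` text that reports whether the router's proxy port is still reachable from the WAN side. The interface name `wan` and port 8080 come from the rule above; the function names and the sample export text are constructed for illustration, and rules using matchers this sketch does not model are skipped.

```python
import shlex

BLOCKING = {"drop", "reject", "tarpit"}
KNOWN = {"chain", "action", "protocol", "dst-port", "in-interface",
         "src-address", "connection-state", "comment", "disabled"}

def parse_filter_rules(export_text):
    """Return the 'add' rules of the /ip firewall filter section as dicts, in order."""
    rules, in_filter = [], False
    for line in export_text.replace("\\\n", "").splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_filter = line == "/ip firewall filter"
        elif in_filter and line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return rules

def port_in(spec, port):
    """True if port falls inside a RouterOS port spec such as '80,8000-8100'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def matches_wan_probe(rule, wan_if, port):
    """Would this rule match a new TCP connection from any Internet host to the router?"""
    if rule.get("chain") != "input" or rule.get("disabled") == "yes":
        return False  # forward-chain rules never see traffic addressed to the router itself
    if set(rule) - KNOWN:
        return False  # matcher not modelled here (assumption): skip the rule
    return (rule.get("protocol", "tcp") == "tcp"
            and rule.get("in-interface", wan_if) == wan_if
            and rule.get("src-address", "0.0.0.0/0") == "0.0.0.0/0"
            and "new" in rule.get("connection-state", "new").split(",")
            and port_in(rule.get("dst-port", str(port)), port))

def proxy_exposed(export_text, wan_if="wan", port=8080):
    """The first matching input rule decides; with no match RouterOS accepts the packet."""
    for rule in parse_filter_rules(export_text):
        if matches_wan_probe(rule, wan_if, port):
            return rule.get("action", "accept") not in BLOCKING
    return True

# Constructed sample exports: a forward-only MAC block, then the same plus the proxy rule.
BEFORE = ("/ip firewall filter\n"
          "add action=drop chain=forward src-mac-address=4C:EB:42:39:20:47\n")
AFTER = BEFORE + ('add action=drop chain=input comment="Block Open PROXY" disabled=no '
                  "dst-port=8080 in-interface=wan protocol=tcp src-address=0.0.0.0/0\n")

if __name__ == "__main__":
    print("before:", proxy_exposed(BEFORE), "after:", proxy_exposed(AFTER))
```

Pass the real WAN interface name as `wan_if`; a rule bound to a different `in-interface` does not cover the port and is reported as exposed.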