Community discussions

MikroTik App
 
IAmStaka
just joined
Topic Author
Posts: 4
Joined: Thu Aug 08, 2013 1:03 am

How to fix this (Screen included)

Mon Aug 12, 2013 1:42 am

Image

i am getting regularly this type of flood by some 13 year old spoiled kid that has $20 for a booter

how can i protect myself from these attacks... the ip ranges go from 1.x.x.x. to 250.x.x.x my routerboard is at 93% at some attacks but for some it's betwen 25% and 35% cpu usage...
it's weird because i have a rule to block all port 80 traffic but they still get there....
also sometimes they use udp(17) and imcp(1) instead of tcp.
i'll appreciate any help, best will be some terminal commands for filter/nat/whatever rules i need.
i have already 50+ rules added for protection and managed to reduce the attacks by about 50-60%, but this ssyn flood is killing me.
i want to block that traffic completely and on theory i've done it already, but on practice they don't work :(
 
manson
newbie
Posts: 32
Joined: Thu Feb 14, 2013 9:41 am

Re: How to fix this (Screen included)

Mon Aug 12, 2013 12:06 pm

Is this mikrotik your main router in network?

If it is and it's cpu is at 100%, only thing you can do is to ask your provider to filter some of this traffic or filter your flooded ip.

If you have any faster router on the way, try to filter udp, and make connection or packet limit per second to your flooded ip.
 
Numenori
just joined
Posts: 15
Joined: Tue Jun 04, 2013 5:50 pm

Re: How to fix this (Screen included)

Mon Aug 12, 2013 2:13 pm

Can you just disable ip - services - www or write some hosts in "available from" column ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8394
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to fix this (Screen included)

Mon Aug 12, 2013 2:34 pm

show your firewall rules
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
IAmStaka
just joined
Topic Author
Posts: 4
Joined: Thu Aug 08, 2013 1:03 am

Re: How to fix this (Screen included)

Mon Aug 12, 2013 10:07 pm

@manson yes
however the ISP filtered 1 port and some ip ranges and told me they can't do more

@Numenori
i have no idea how to do this, sir


@chupaka

Image
the rules between them are for virus, spams etc these are the most "rare" ones
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8394
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to fix this (Screen included)

Mon Aug 12, 2013 11:38 pm

screenshots are absolutely not informative, use '/ip firewall export'

is 231.11 the address of your router?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.

Who is online

Users browsing this forum: Baidu [Spider], wichets and 74 guests