Community discussions

 
Nemoo
just joined
Topic Author
Posts: 7
Joined: Fri Oct 19, 2012 6:13 pm

How work firewall?

Sun Dec 01, 2013 7:34 pm

Today I had ddos attack from ipv6 addresses.
In address list have at src-address is attacks addresses.
Firewall filters have rule:
 0   chain=forward action=drop protocol=udp src-address-list=ddosers 
 1   chain=forward action=drop protocol=tcp src-address-list=ddosers

 4   chain=forward action=jump jump-target=detect-ddos6 connection-state=new

17   chain=detect-ddos6 action=add-src-to-address-list address-list=ddosers address-list-timeout=10h connection-limit=90,32 
18   chain=detect-ddos6 action=add-src-to-address-list address-list=ddosers address-list-timeout=10h limit=100,20
When host is under attack. Router disconnect winbox and after attacks I can't connect again.

Sometimes router was reboot.

Attacks was from two addresses to host and used protocol udp to many ports destination.

ROS is version 5.26

My questions are:
Why rule checks 4,17,18 when addresses list have added src address?
Why router reboot?
Why router disconnect winbox.
Why after attack I can connect to router on webside or ssh but don't with use winbox.

Who is online

Users browsing this forum: MSN [Bot] and 125 guests