dorijan
Member Candidate
Topic Author
Posts: 244
Joined: Fri Jun 04, 2004 12:42 am
Location: Croatia

Real life experience stopping DDOS

Thu Mar 27, 2014 10:43 pm

Hi to all...
I am interested to know whether anyone has any real-life experience with MikroTik and DDoS, and how MikroTik behaves while it is under DDoS. I know MikroTik is not a silver bullet, but I would like to know what it is capable of.

Is it better to get an appliance or to use server-grade x86 machines? How about Cloud Core Routers? How does it compare to some Cisco routers?
I have great experience with MikroTik in wireless and SOHO environments, but on this level I don't have any...

A big client of mine is thinking about switching to MikroTik in his datacentre, but I don't have any data to give him...

Thank you...
 
samsung172
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway

Re: Real life experience stopping DDOS

Thu Mar 27, 2014 10:54 pm

If you know what's going on, MikroTik is a "silver bullet". Almost everything you want is possible. And if you know how the DDoS is affecting you, it's possible to stop it on a MikroTik.
 
dorijan
Member Candidate
Topic Author
Posts: 244
Joined: Fri Jun 04, 2004 12:42 am
Location: Croatia

Re: Real life experience stopping DDOS

Thu Mar 27, 2014 11:00 pm

Do you have real experience? Appliance or PC? What was the size of the attack that you were under?
 
dorijan
Member Candidate
Topic Author
Posts: 244
Joined: Fri Jun 04, 2004 12:42 am
Location: Croatia

Re: Real life experience stopping DDOS

Fri Mar 28, 2014 11:52 pm

Anyone else? Real-life experience?
 
nerdtron
Member Candidate
Posts: 123
Joined: Sat Nov 30, 2013 7:49 am

Re: Real life experience stopping DDOS

Sat Mar 29, 2014 3:51 am

Real-life experience from this thread: http://forum.mikrotik.com/viewtopic.php?t=54607

Anyway, use Cloud Core Routers for production environments and you don't have to worry about compatibility issues on x86 machines. Plus, the routers have more ports.

Are your routers going to face the public internet, to make you worry about DDoS attacks?
 
rextended
Forum Guru
Posts: 2954
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Real life experience stopping DDOS

Sat Mar 29, 2014 12:32 pm

My real life experience is very easy:

My 2 firewalls are RB1100AH; some DoS and DDoS attacks received: not one single crash in my network (only less bandwidth available, obviously).
No connection count on the firewall, only these rules:
http://forum.mikrotik.com/viewtopic.php ... 87#p417380
in addition to all services in ip/service disabled except for winbox (on a port other than the default 8291).

About DoS or DDoS generated inside my network:
Each CPE has inside its own Queue and Firewall for that purpose; on the wireless link and on my network, the traffic generated from the CPE must respect the bandwidth limit of the client, instead of traversing all the network and being queued at the Gateway.
I'm Italian, not English. Sorry for my imperfect grammar.
 
dorijan
Member Candidate
Topic Author
Posts: 244
Joined: Fri Jun 04, 2004 12:42 am
Location: Croatia

Re: Real life experience stopping DDOS

Sat Mar 29, 2014 3:58 pm

rextended, thank you for your experience. What was the magnitude of the DDOS attack? How much bandwidth did you have, and how much bandwidth did the DDOS take?

I am also interested in a scenario where a LOT of small packets hit the Ethernet card, so that it would slow down the whole MikroTik. Would it be possible to access the MikroTik from another interface that is not under attack? For that scenario, is a PC or an appliance better?
 
sashavl
Frequent Visitor
Posts: 56
Joined: Mon Nov 01, 2010 8:19 pm

Re: Real life experience stopping DDOS

Sat Mar 29, 2014 4:00 pm

Chupaka wrote about stopping some major DDoS some time ago. Try to find that post.
 
dorijan
Member Candidate
Topic Author
Posts: 244
Joined: Fri Jun 04, 2004 12:42 am
Location: Croatia

Re: Real life experience stopping DDOS

Sat Mar 29, 2014 4:36 pm

Thank you, I read that post, but that is one solution; I need some numbers, and whether it was a PC or an appliance...
I will PM him :)
 
rextended
Forum Guru
Posts: 2954
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Real life experience stopping DDOS

Sat Mar 29, 2014 4:59 pm

rextended, thank you for your experience. What was the magnitude of the DDOS attack? How much bandwidth did you have, and how much bandwidth did the DDOS take?
Right:

On my rack:
2 x guaranteed 100Mbps bi-directional from MUX Milano (Milan) by InteRoute -> cross connected on RB1100AH "A" and RB1100AH "B"
2 x guaranteed 100Mbps bi-directional from MUX Roma (Rome) by InteRoute -> cross connected on RB1100AH "B" and RB1100AH "A"
4 x RB1100AHx2 "C/D/E/F" Gateway, each connected to both Router 1100AH "A/B"; the load balancing and failover happen here
1 x RB1100AHx2 "Spare" connected to each bypass of all RB1100AH / RB1100AHx2 (ether12) and directly to both Router "A/B"
Each Backbone starts from ether11 on "C/D/E/F" and has a backup on ether10
2 x RB1200 "G/H" connected to all devices mentioned before, as DNS server 1 & 2 and NTP server 1 & 2
1 x RB1200 "I" for HotSpot services; if it fails, "Spare" takes control.
1 x Windows XP for logging, connected only to C/D/E/F/I/Spare
1 x x86 (RouterOS) for User Manager; if it fails, "D" takes charge ("D" has fewer users than the others); connected only to C/D/E/F/Spare
1 x Windows Server 2003 for some websites, connected to both "A" and "B"
1 x Windows Server 2008 for backup of websites [actually migrated one by one from 2003], on both "A" and "B"

Usually a DDoS or DoS attack does not block my network, because if one of the connections goes to full inbound, there are 3 other links with other ranges of IP addresses, fully working.
The DDoS takes all the inbound bandwidth.
Usually I call InteRoute, and they stop routing that type of traffic on my inbound fiber, and after that all goes back to normal.
My clients cannot notice if one of the 4 inbound fibers fails because it reaches the max throughput.

InteRoute is NOT forwarding traffic to another fiber if one of my 4 lines is busy because of a DDoS or disconnected. I want it this way.
I'm Italian, not English. Sorry for my imperfect grammar.
