Community discussions

MikroTik App
 
tberg
newbie
Topic Author
Posts: 41
Joined: Sun Sep 22, 2013 6:34 pm

Stop router WAN IP address being spoofed

Fri Aug 15, 2014 7:14 pm

I have client that is at a minimum, amplifying an attack.

Their router is setup as a NAT router with a single WAN and single LAN interface.
The firewall connections list shows many connections with its WAN IP address as the source address.
I put a firewall rule to log the connections. They are in the forward chain, the in and out interfaces are both the WAN interface, and the source MAC is that of the WAN default gateway.

Any suggestions on how to block forwarding of this traffic? I assume rp_filter yes would do it, but what other potential issues would it create?

Thank you,
Todd

Who is online

Users browsing this forum: farhadhelix, Google [Bot] and 91 guests