Community discussions

MikroTik App
 
meowsoft
just joined
Topic Author
Posts: 2
Joined: Sat Mar 13, 2021 4:49 pm

RB951G-2HND DDOS

Sat Mar 13, 2021 4:58 pm

Is RB951G-2HND Safe From DDOS ?, Is there any way to prevent this ?, before this I use D-Link wireless router and if DDOS by someone my CCTV and smart home system is also crash, can I prevent that happen again to my system ?

*DDOS effect is very fatal, loose access to open my door, etc, because door lock is electric, controlled by arduino and raspberry pi, connected via wireless router

From router to house boundaries wall is nearby 3 meters, can I use firewall, limit wireless strength, or do another stuff to prevents that DDOS happen again ?
 
karakuraizer
just joined
Posts: 18
Joined: Mon Apr 26, 2021 12:35 pm

Re: RB951G-2HND DDOS

Wed Apr 28, 2021 3:42 pm

Hi, not sure if this topic belongs to wireless networking but anyway...

To understand the basics you need to answer 2 questions:
1.what is your ISP uplink bandwidth and how is your ISP managing traffic when it reaches\exceeds this limitation ?
2.Is there enough router CPU performance to handle full loaded uplink channel with firewall rules made to drop DDoS traffic?

So RB951G-2HND got a single core AR9344 running at 600Mhz(default)
as we can see from its' test results https://mikrotik.com/product/RB951G-2Hn ... estresults it can forward up to ~60Kpps(60 000packets per second) while having 25 active ip filter rules(more rules or very complicated ones, less packets per second btw) which means that in the worst case scenario:
attacker uses 64byte packet size this router can forward up to 60000packets*64bytes*8 ~ 31MBits\s * , if the number of packets exceeds 60 000 router's cpu will start to "loose" packets it cannot handle.(you saw the result with your d-link router)

Hope this info would help!

*(1byte=8bits)
Last edited by karakuraizer on Tue May 04, 2021 2:47 pm, edited 2 times in total.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11383
Joined: Thu Mar 03, 2016 10:23 pm

Re: RB951G-2HND DDOS

Wed Apr 28, 2021 4:57 pm

Hi, not sure if this topic belongs to wireless networking but anyway...

Another possibility is to mess with wireless. Either hack it to gain access to LAN or create enough interference for clients (door lock, CCTV) to drop off wireless network. Either is hard to defend against determined attacker (unless one uses some appropriately sized drill bits and installs some UTP cables).
 
karakuraizer
just joined
Posts: 18
Joined: Mon Apr 26, 2021 12:35 pm

Re: RB951G-2HND DDOS

Thu Apr 29, 2021 7:28 pm

Hi, not sure if this topic belongs to wireless networking but anyway...

Another possibility is to mess with wireless. Either hack it to gain access to LAN or create enough interference for clients (door lock, CCTV) to drop off wireless network. Either is hard to defend against determined attacker (unless one uses some appropriately sized drill bits and installs some UTP cables).
With all respect but using such important devices like door lock on wlan or even not separate them from other net when connected by UTP is stupid =)
also using ipcams on wlan is not the best idea

Who is online

Users browsing this forum: baragoon, morphema, Ponytred and 42 guests