Community discussions

MikroTik App
 
fivezero05
just joined
Topic Author
Posts: 1
Joined: Thu Oct 31, 2024 10:04 am

1M TCP-SYN in one night

Thu Oct 31, 2024 10:25 am

Hi,

I recently installed a mikrotik (hEX) router in my homenetwork. So by all intends and purposes, I am not familiar with the ins and outs of network-admins, but i do know my networks.

My current setup has some VLANs to divide IoT devices from "normal" devices and from the solar panels. Pretty standard stuff.
The mikrotik router is not the first router. The situation:

ISP Router ==> Mikrotik Router ==> Home network

From the viewpoint of my ISP, only one device is on my home network: the Mikrotik router.

I have however a VPN server on my NAS (synology), which is open to the WAN on port 443 ( ISP PortForward: 443, mikrotik 1194). Just so traffic won't get blocked on certain networks.
And I started to notice a lot of connections being made to it. Like 300+. Not wanting these connections i jumped into this forum (and wiki) and found some rules to limit TCP-SYN.
(I know, mikrotik has a VPN server as well, and that is on my to-do list, but i first wanted to make sure everything works like before :p)
/ip firewall filter
add action=jump chain=forward comment="SYN Flood protect" connection-state=new in-interface="ether1 [WAN]" jump-target=SYN-Protect protocol=tcp  tcp-flags=syn
add action=return chain=SYN-Protect connection-state=new limit=400,5:packet protocol=tcp tcp-flags=syn 
add action=add-src-to-address-list address-list=SYN-Block address-list-timeout=2d chain=SYN-Protect
add action=drop chain=forward src-address-list=SYN-Block
This drop-rule alone drops like 1 million packets a night. (after 12h the counter is 1 562 104)
The SYN-Block list contains like 1888 ip's.
During the day, no new packets get dropped. It only starts at night.

So my questions :
  • Is this normal? Should i be concerned?
  • Is this the right way of doing things? Can the list get too big? Or are there better ways of handling this kind of situations.

Who is online

Users browsing this forum: No registered users and 1 guest