I'm under attack.
I have been under attacks for a month from contabo's ip's , I tried to block the attacks from the Mikrotik..but it did not stop the attack or mitigate it, I changed the entrance to the Internet in Mikrotik, but the attack continue on the "WAN" .. I need A way or any online service to stop this attack now!
Re: I'm under attack.
No way to block incoming traffic without help from ISP.
Re: I'm under attack.
keep in mind source ip of traffic can be spoffed so the source ip you are detecting can be not related with the real source of attack
Re: I'm under attack.
Not enough info and without evidence hard to comment.
First, where is you config?
How are you connected to the internet.
WHy not just change your public IP address.
I think that there is more to this story that you are not revealing.
What do you host thats attractive to hackers?
First, where is you config?
How are you connected to the internet.
WHy not just change your public IP address.
I think that there is more to this story that you are not revealing.
What do you host thats attractive to hackers?
Re: I'm under attack.
I am connected to the Internet via a static IP and it works on Mikrotik x86, I changed the IP and the attacks came back again after less than an hour and I am transmitting the Internet to my subscribers on the network "home networks".
-- My config is drop the source ip's in raw by udp port. that's it!
-- My config is drop the source ip's in raw by udp port. that's it!
Re: I'm under attack.
The ISP set up a fortigate firewall and it didn't work or help well, after that they said to me to protect myselfNo way to block incoming traffic without help from ISP.
Re: I'm under attack.
I understand this, meaning that the traffic source could be coming from external vpn servers, isn't that what you mean?keep in mind source ip of traffic can be spoffed so the source ip you are detecting can be not related with the real source of attack
Re: I'm under attack.
Your subscribers should hire a network administrator.
Re: I'm under attack.
This is what you need! Based on your cooperation and replies here...........Your subscribers should hire a network administrator.
https://mikrotik.com/consultants
Re: I'm under attack.
My main language is Arabic, so I don't know how to write the full details.Your subscribers should hire a network administrator.
Thank you!
Re: I'm under attack.
I have a CCNA certificate .This is what you need! Based on your cooperation and replies here...........Your subscribers should hire a network administrator.
https://mikrotik.com/consultants
Re: I'm under attack.
And who cares on on MikroTik forum?I have a CCNA certificate .
Regardless of the device used,
regardless of the level of instruction,
regardless of any useless certification,
if you change the Public IP and the problem persists, three things may be more plausible, among others:
1) You have one (or more) infected user causing the remote attack;
2) One (or some) of your devices is totally compromised and keep calling the Command & Control center, that always knows what is your IP on that way;
3) You have activated the DDNS Cloud, and of course, if the IP changes, the DDNS Cloud also has your IP changed, and attackers always know your IP;
4) Etc. Etc. Etc.
Re: I'm under attack.
Thanks for your help.And who cares on on MikroTik forum?I have a CCNA certificate .
Regardless of the device used,
regardless of the level of instruction,
regardless of any useless certification,
if you change the Public IP and the problem persists, three things may be more plausible, among others:
1) You have one (or more) infected user causing the remote attack;
2) One (or some) of your devices is totally compromised and keep calling the Command & Control center, that always knows what is your IP on that way;
3) You have activated the DDNS Cloud, and of course, if the IP changes, the DDNS Cloud also has your IP changed, and attackers always know your IP;
4) Etc. Etc. Etc.
Well, how can I identify the device on the network from over 600 users?
You have a way?
For the DDNS they are disabled.
Re: I'm under attack.
A network diagram helps break language barriers.
A config is agnostic.
Use google translate when necessary.
OR simply put.......
yusaeid mukhatat alshabakat ealaa kasr hawajiz allughati.
altakwin hiadiun.
astakhdim mutarjim jujil eind aldarurati.
'aw bibasatat dae ......
A config is agnostic.
Use google translate when necessary.
OR simply put.......
yusaeid mukhatat alshabakat ealaa kasr hawajiz allughati.
altakwin hiadiun.
astakhdim mutarjim jujil eind aldarurati.
'aw bibasatat dae ......
Re: I'm under attack.
I'm applied this config after the raw config befor 2 days and nothig changedA network diagram helps break language barriers.
A config is agnostic.
Use google translate when necessary.
OR simply put.......
yusaeid mukhatat alshabakat ealaa kasr hawajiz allughati.
altakwin hiadiun.
astakhdim mutarjim jujil eind aldarurati.
'aw bibasatat dae ......
https://help.mikrotik.com/docs/pages/vi ... d=28606504
Re: I'm under attack.
Yes, if I were physically there and knew what the whole network is like...Well, how can I identify the device on the network from over 600 users?
You have a way?
But since that's not the case, you'd better hire someone who knows how to do it on the spot...
Re: I'm under attack.
I didn't ask who has the papers that qualifies you for the job.I have a CCNA certificate .
I was asking to hire someone that actually knows what he's doing.
Cheers.
Re: I'm under attack.
I have full control of the network and I know everything about it.I didn't ask who has the papers that qualifies you for the job.I have a CCNA certificate .
I was asking to hire someone that actually knows what he's doing.
Cheers.
I know what i'm do but i need someone to explain everything without this forum:)
Last edited by mhndas on Thu Nov 03, 2022 6:23 pm, edited 1 time in total.
Re: I'm under attack.
I disconnected all users, reset the Mikrotik and set the rules of the firewall, and when I put the internet cable in it without any user other than my device, the Atak was working at a full internet speed of 200mbps , Then I reset the mikrotik again and put the internet entrance in it without setting any presets and the attacks found.Yes, if I were physically there and knew what the whole network is like...Well, how can I identify the device on the network from over 600 users?
You have a way?
But since that's not the case, you'd better hire someone who knows how to do it on the spot...
Re: I'm under attack.
Post your MikroTik Router config. It may be some wrong with your router.First, where is you config?
Last edited by Jotne on Thu Nov 03, 2022 6:32 pm, edited 1 time in total.
Re: I'm under attack.
When you say reset, did you NETINSTALL fresh firmware and put in the config without copying the old config?
Re: I'm under attack.
no, just reset configuration from router and update the packages from the router .When you say reset, did you NETINSTALL fresh firmware and put in the config without copying the old config?
Re: I'm under attack.
آسف
If Netinstall does not solve, after configuring everything by hand without importing the .backup, what I wrote before on post #12 remains valid.
viewtopic.php?p=965810#p965790
Language is a barrier, and through the forum it is difficult to help in these cases.
May peace be upon you.
If Netinstall does not solve, after configuring everything by hand without importing the .backup, what I wrote before on post #12 remains valid.
viewtopic.php?p=965810#p965790
Language is a barrier, and through the forum it is difficult to help in these cases.
May peace be upon you.
Last edited by rextended on Thu Nov 03, 2022 6:37 pm, edited 1 time in total.
Re: I'm under attack.
I'll Try it!آسف
If Netinstall does not solve, after configuring everything by hand without importing the .backup, what I wrote before remains valid.
Language is a barrier, and through the forum it is difficult to help in these cases.
May peace be upon you.
Thank you.
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 102 guests