Community discussions

MikroTik App
just joined
Topic Author
Posts: 6
Joined: Mon Jun 26, 2017 5:27 pm

Mikrotik SYN Cookie Protection

Tue Nov 17, 2020 8:04 pm

Hello ,
I could not find a clear source anywhere, either. When the SYN-Cookie protection on Mikrotik devices is activated, which of the following images behaves like?

Kind regards
just joined
Posts: 3
Joined: Fri Jul 12, 2019 2:45 am

Re: Mikrotik SYN Cookie Protection

Thu Nov 19, 2020 11:49 am

SYN cookies do not do anything to protect against volumetric attacks.

Acts according to the information at

You can test it by typing the appropriate dst limit into your raw table.
add chain=prerouting protocol=tcp tcp-flags=syn,rst action=drop
add action=drop chain=prerouting protocol=tcp tcp-flags=!fin,!syn,!rst,!ack

add action=jump chain=prerouting jump-target=RAW_SYN_ACK protocol=tcp tcp-flags=syn,ack
add action=return chain=RAW_SYN_ACK dst-limit=32,32,src-and-dst-addresses/10s  protocol=tcp tcp-flags=syn,ack
add action=drop chain=RAW_SYN_ACK
Forum Guru
Forum Guru
Posts: 7184
Joined: Mon Jun 08, 2015 12:09 pm

Re: Mikrotik SYN Cookie Protection

Thu Nov 19, 2020 11:55 am

I think SYN cookie in RouterOS is only active for TCP connections to the router itself, not when handling forwarded traffic.

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot] and 202 guests