Community discussions

MikroTik App
 
saahil
just joined
Topic Author
Posts: 17
Joined: Sun Mar 05, 2017 12:15 am

RX Attack / UDP with https?

Sat Mar 26, 2022 11:56 am

Hi Support, we are observing continous RX traffic.

Tried all forum scripts and options, its still going one.

screenshot attached
You do not have the required permissions to view the files attached to this post.
 
rootemin
just joined
Posts: 6
Joined: Thu Oct 01, 2015 6:12 pm

Re: RX Attack / UDP with https?

Sat Mar 26, 2022 12:01 pm

Hi

wan interface drop incoming traffic only accept ports you allow

add action=drop chain=input in-interface-list=WAN
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: RX Attack / UDP with https?

Sat Mar 26, 2022 12:09 pm

Hi Support

This is a user-to-user forum, not official MikroTik support.

screenshot attached

Are you sure it isn’t a QUIC download?
 
saahil
just joined
Topic Author
Posts: 17
Joined: Sun Mar 05, 2017 12:15 am

Re: RX Attack / UDP with https?

Sat Mar 26, 2022 12:17 pm

this is core router which has 2 upstream bgp

router os is 6.47.10

if I disable WAN, it will completely drop all traffic [aprox 900Mbps]
 
tangent
Forum Guru
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: RX Attack / UDP with https?

Sat Mar 26, 2022 12:22 pm

Non sequitur. What I’m asking is, how do you know one of your users isn’t simply downloading a big file from this 41 address?
 
saahil
just joined
Topic Author
Posts: 17
Joined: Sun Mar 05, 2017 12:15 am

Re: RX Attack / UDP with https?

Sat Mar 26, 2022 12:28 pm

Non sequitur. What I’m asking is, how do you know one of your users isn’t simply downloading a big file from this 41 address?
the IP that I am getting this RX traffic are already disabled. This is going on for the last 15-17 hours continous.

And none of my customers have plans bigger than 50Mbps
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: RX Attack / UDP with https?

Sat Mar 26, 2022 12:44 pm

No forum script or option, and no support for your router, will terminate a stream that others send to you.
You need to ask the support for the sending system. Good luck with that!
 
User avatar
junbr0
just joined
Posts: 10
Joined: Sat Jan 09, 2021 10:50 am

Re: RX Attack / UDP with https?

Sat Mar 26, 2022 12:57 pm

you should block it before its enter your router.
call or email your uplink service provider, if that truly ddos or flooding.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19101
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: RX Attack / UDP with https?

Sun Mar 27, 2022 11:55 pm

Without seeing your config, wont care to speculate

/export hide-sensitive file=anynameyouwish
 
saahil
just joined
Topic Author
Posts: 17
Joined: Sun Mar 05, 2017 12:15 am

Re: RX Attack / UDP with https?

Mon Mar 28, 2022 12:46 pm

No forum script or option, and no support for your router, will terminate a stream that others send to you.
You need to ask the support for the sending system. Good luck with that!
I contacted upstream and they advised bgp-community blackhole, they shared with me the bgp community and I have created /32 prefix with the set-bgp-community which is my IP received all the 300Mbps capacity. It also shows on the bgp-advertisements. However when I torch the WAN interface I am still receiving the attack on my /32 IP.

Any other suggestions?
 
User avatar
Buckeye
Forum Veteran
Forum Veteran
Posts: 887
Joined: Tue Sep 11, 2018 2:03 am
Location: Ohio, USA

Re: RX Attack / UDP with https?

Mon Mar 28, 2022 1:38 pm

How I survived a DDoS attack youtube video by Jeff Geerling

Who is online

Users browsing this forum: No registered users and 15 guests