Konrad
just joined
Topic Author
Posts: 18
Joined: Wed Feb 01, 2017 10:01 pm

DDoS protection

Sun Aug 14, 2022 12:37 pm

Hello,
Is there a way to protect my server and clients from DDoS,
maybe by using 2 public IP addresses and switching between them?
Is there any chance to switch already connected clients to another IP?
 
BrateloSlava
Member Candidate
Posts: 168
Joined: Mon Aug 09, 2021 10:33 am
Location: Ukraine, Kharkiv

Re: DDoS protection

Sun Aug 14, 2022 5:57 pm

I recommend you take a look at this
 
tangent
Forum Guru
Posts: 1351
Joined: Thu Jul 01, 2021 3:15 pm

Re: DDoS protection

Sun Aug 14, 2022 6:57 pm

> Is there a way to protect my server and clients from DDoS

Sure, lots of ways.

> maybe by using 2 public IP addresses and switching between them,

Why would that work? You have to publish both IPs somehow. Unless you can come up with a way to do that without letting your attacker learn it, too, they'll learn of the change quite quickly.

That said…

> Is there any chance to switch already connected clients to another IP?

Sure. It's called a load balancer, which does more than what the label says, including failover from one IP to another.

The thing is, it's going to do diddly for DDoS protection.

The problem with pursuing this topic on a MikroTik forum is that the very definition of a DDoS attack is an asymmetric situation where your attacker collectively has more bandwidth than your uplink. Nothing RouterOS can do will change this fact. You can add firewalls and clever switch rules and blackhole routes and everything else you can think of using RouterOS's vast toolset, and this basic fact will remain. Limiting packets at the endpoint has its uses, but DDoS protection isn't one of them.

Proper DDoS mitigation services share their tremendous backbone-grade pipes among their clients and apply the traffic limits out at that level, before it gets to your upstream pipe, because that's where the effort is most effective. No matter how big your attacker's botnet, its collective bandwidth probably isn't bigger than that of Cloudflare, or Amazon, or Azure, or…
