I'm being DDoS'd

I did exactly that today, not going to brag but I think it's a pretty solid config. :ROFL:

I just missed a few things that Mikrotik does differently than other vendors.
May I recommend studying YouTube videos extensively on creating MT rules. The data you see in Torch might not correlate correctly with whats happening. Correct MT Firewall rules are like needing to understand the problem 2X from reverse.

I quick cheap nasty way of checking your ruleset is testing it at GRC's ShieldsUp.
 
May I recommend studying YouTube videos extensively on creating MT rules. The data you see in Torch might not correlate correctly with whats happening. Correct MT Firewall rules are like needing to understand the problem 2X from reverse.

I quick cheap nasty way of checking your ruleset is testing it at GRC's ShieldsUp.
I'm totally going to dive deeper into the OS, the wiki looked a little intimidating at first but once I started working through it it's not that bad.

I guess the best way is to lab everything up and get to know the OS through trial and error.
 
I'm totally going to dive deeper into the OS, the wiki looked a little intimidating at first but once I started working through it it's not that bad.

I guess the best way is to lab everything up and get to know the OS through trial and error.
Thats what I thought. With YT videos you can see live changes and live results and what will happen. Please take good care with your rules and general MT security. Otherwise you will be allowing the wolf through the front chicken coop door who will close the door behind him with the chickens in front of him.

:P @r00igev@@r
 
Thats what I thought. With YT videos you can see live changes and live results and what will happen. Please take good care with your rules and general MT security. Otherwise you will be allowing the wolf through the front chicken coop door who will close the door behind him with the chickens in front of him.

:p @r00igev@@r
Well that is true of any firewall. But there are close to 1 million tiks in botnets world wide at the moment because of old vulnerabilities and leaked passwords.
Important to have non-default access and latest firmware as a start.
 
So for the last few days, I've been having heavy packet drops on my fibre line,
After logging several calls with my ISP and them just doing the normal port reset etc, I decided to check my router to see what is going on.
Upon investigation I found this:

View attachment 1221936

I'm getting bombed with 86k packets/second, I then torched the interface and I can see that I'm being hit by ICMP packets.

View attachment 1221938
My question is aren't ISPs supposed to have some kind of DDoS protection in place to avoid attacks like this?
Yes, any standard mitigation solution should filter or as a last resort blackhole it.
 
Do you mind sharing the rule?

Thanks

/interface list member
add interface=pppoe-coolideas list=WAN


/ip firewall filter
add action=drop chain=input comment="External DNS - drop" dst-port=53 \
in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="External DNS - drop" dst-port=53 \
in-interface-list=WAN protocol=udp
 
Top
Sign up to the MyBroadband newsletter
X