•  Home
  •  Dashboard
  •  Services
    • Dedicated Servers
    • Colocation
    • Private Cloud
    • DDoS Protection
    • IP Transit
    • Backup
    • CDN
    • GGA
  •  Solutions
    • Ecommerce
    • Security
    • Gaming
    • Hosting
    • Management
    • Finance
    • System Integrator
  •  Support
    • Knowledgebase
    • Community
    • Open Ticket
  •  Company
    • About Us
    • Contact Us
    • Network
    • Data Centers
    • Looking Glass
    • Affiliates
    • Reseller
    • Blog
  • Services
    • Dedicated Servers
    • Colocation
    • Private Cloud
    • DDos Protection
    • IP Transit
    • CDN
    • GGA
    • Backup
  • Solutions
    • Ecommerce
    • Security
    • Gaming
    • Hosting
    • Management
    • Finance
    • System Integrator
  • Dashboard

Block DDoS Attack Mikrotik
Trusted By
10,000+ Customers (Since 2001)
  • Home
  • Client
  • Qa Forum
  • Block DDoS Attack Mikrotik

Posted By: Francisco | 1 Replies | Last Reply On: Sep 05, 2018 05:05:33

Is it possible to block ddos attack with Mikrotik? 

Artyom

Votes: 0Posted On: Sep 05, 2018 05:05:33
 

MikroTik RouterOS is an easy to use yet highly powerful interface that gives the power to Network Admins to deploy network capabilities and functions at ease. With the help of MikroTik RouterOS, you can turn a normal standard personal computer into a powerful network router.
MikroTik RouterOS is a Linux based operating system that are specially designed for thin routers. The terms refer to the amount of software and the size of the operating system that is running on our desktop computers.

Yes, with a Mikrotik router you can fight a DDoS attack quite effectively. With a Mikrotik router you can limit the number of connection using a firewall feature. When there is a DDoS attack, the system detects intrusion as the number of connection request exceeds the defined limit.

Let us study how to catch all new connections and redirecte them to the firewall

/ip firewall filter
add chain=forward connection-state=new action=jump jump-target=detect-ddos

In RouterOS, any single UDP packet is considered to be a new connection by Connection Tracking in any Firewall section (except NAT) until the packet in opposite direction is sent. 

We then allow each "SrcIP:DstIP" pair some number of new connections. Make sure to also add exceptions like DNS servers. There is no good reason to block them.

/ip firewall filter
add chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s action=return
add chain=detect-ddos src-address=192.168.0.1 action=return

Now we have only packets which exceed our limits - and we add their source to 'ddoser' and the target to 'ddosed' address lists:

/ip firewall filter
add chain=detect-ddos action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m
add chain=detect-ddos action=add-src-to-address-list address-list=ddoser address-list-timeout=10m

Then packet processing returns to 'forward' chain, where we block any packets from ddosers(Culprit) to ddosed(Victim) resources:

/ip firewall filter
add chain=forward connection-state=new src-address-list=ddoser dst-address-list=ddosed action=drop

Was this reply helpful?

Related topics

  • What is DDoS and How to Protect Against a DDoS Attack
  • Common Types of Network Attacks
  • How to temporarily/permanently enable DDoS IP diversion for a Single IP Address?
  • Layer 7 DDoS
  • How to configure mikrotik router step by step?
  • Guide to establish a GRE Tunnel and BGP peering session on MikroTik RouterOS
  • How to block DDoS attacks in Windows?
  • Mikrotik Router Configuration
  • Mikrotik Gre Tunnel Configuration
  • How To Protect Server From A DDoS Attack?
  • A Notorious Record Is Set - The World's Largest DDoS Attack
  • Psychz Networks Protects Client from Massive 400 Gbps Mirai Botnet DDoS Attack
  • GitHub survives world's largest DDoS attack
  • DDoS Extortion: The Latest Nefarious Twist on Cyber Crime
  • Mirai DDoS attacks- Then and Now
Hosting Services
  • Dedicated Hosting
  • Colocation Hosting
  • Backup
  • IP Transit
  • DDoS Mitigation
Support
  • Portal Login
  • Knowledgebase
  • Community
Company
  • About Us
  • Contact Us
  • Network
  • Data Centers
  • Looking Glass
  • Affiliates
  • Reseller
  • Blog
Policies
  • Privacy Policy
  • Acceptable Usage Policy
  • Terms and Conditions
  • Service Level Agreement
Company
  • Psychz Networks,
    A Profuse Solutions Company
    611 Wilshire Blvd #300
    Los Angeles,California 90017
    USA
  • US/Canada: 800-933-1517
  • International: 626-549-2801
Subscribe to Our Mailing List
* indicates required
Copyright © 2019 Psychz Networks, A Profuse Solutions Inc Company