Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » networking » router » mikrotik_under_attack
Trace:
networking:router:mikrotik_under_attack

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
networking:router:mikrotik_under_attack [2014/06/03 15:30]
gcooper 		networking:router:mikrotik_under_attack [2014/06/03 16:08] (current)
gcooper
Line 55: Line 55:
  
 http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking
 +
 +:!: This sample rule set is on the ''forward'' chain.  For traffic destined for router, you would have to use the ''input'' chain.
  
 :!: This rule set uses ''ether1'' as WAN (Internet) connection. :!: This rule set uses ''ether1'' as WAN (Internet) connection.
 +
 +:!: You can also easily exclude (whitelist) certain hosts.  See [[http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking|DDoS_Detection_and_Blocking]].
  
 This example dynamically creates two address lists: attackers (''ddos-source'') and attacked hosts (''ddos-target''), and blocks packets from the former to the latter. This example dynamically creates two address lists: attackers (''ddos-source'') and attacked hosts (''ddos-target''), and blocks packets from the former to the latter.
Line 62: Line 66:
 <file> <file>
 /ip firewall filter /ip firewall filter
-add chain=forward connection-state=new action=jump jump-target=block-ddos 
-add chain=forward connection-state=new src-address-list=ddoser dst-address-list=ddosed action=drop 
-add chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s action=return 
-add chain=block-ddos action=add-dst-to-address-list address-list=ddosed address-list-timeout=10m 
-add chain=block-ddos action=add-src-to-address-list address-list=ddoser address-list-timeout=10m 
-</file> 
  
-<file> +  add chain=forward action=jump connection-state=new in-interface=ether1 jump-target=detect-ddos \
-/ip firewall filter +
- +
-  add action=jump chain=forward connection-state=new in-interface=ether1 jump-target=detect-ddos \+
   comment="Detect DDoS Attack"   comment="Detect DDoS Attack"
          
-  add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s \ +  add chain=detect-ddos action=return dst-limit=50,100,src-and-dst-addresses/10s \ 
-  comment="Detect DDoS Attack"+  comment="Detect DDoS Attack - 1"
              
-  add action=add-dst-to-address-list address-list=ddos-target address-list-timeout=1w chain=detect-ddos +  add chain=detect-ddos action=add-dst-to-address-list address-list=ddos-target address-list-timeout=1w \ 
-  comment="Detect DDoS Attack"+  comment="Detect DDoS Attack - 2"
          
-  add action=add-src-to-address-list address-list=ddos-source address-list-timeout=1w chain=detect-ddos +  add chain=detect-ddos action=add-src-to-address-list address-list=ddos-source address-list-timeout=1w \ 
-  comment="Detect DDoS Attack"+  comment="Detect DDoS Attack - 3"
          
-  add action=drop chain=forward connection-state=new dst-address-list=ddos-target \ +  add chain=forward action=drop connection-state=new dst-address-list=ddos-target \ 
-  src-address-list=ddos-source comment="Detect DDoS Attack"+  src-address-list=ddos-source comment="Drop DDoS Attackers"
 </file> </file>
  
networking/router/mikrotik_under_attack.1401831020.txt.gz · Last modified: 2014/06/03 15:30 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki