Differences

This shows you the differences between two versions of the page.

--- networking:router:mikrotik_under_attack [2014/06/03 15:44]
gcooper
+++ networking:router:mikrotik_under_attack [2014/06/03 16:08] (current)
gcooper
@@ Line 55: / Line 55: @@
 http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking
+:!: This sample rule set is on the ''forward'' chain.  For traffic destined for router, you would have to use the ''input'' chain.
 :!: This rule set uses ''ether1'' as WAN (Internet) connection.
+:!: You can also easily exclude (whitelist) certain hosts.  See [[http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking|DDoS_Detection_and_Blocking]].
 This example dynamically creates two address lists: attackers (''ddos-source'') and attacked hosts (''ddos-target''), and blocks packets from the former to the latter.
@@ Line 66: / Line 70: @@
   comment="Detect DDoS Attack"
-  add chain=detect-ddos action=return dst-limit=50,50,src-and-dst-addresses/10s \
+  add chain=detect-ddos action=return dst-limit=50,100,src-and-dst-addresses/10s \
   comment="Detect DDoS Attack - 1"
@@ Line 76: / Line 80: @@
   add chain=forward action=drop connection-state=new dst-address-list=ddos-target \
-  src-address-list=ddos-source comment="Detect DDoS Attack"
+  src-address-list=ddos-source comment="Drop DDoS Attackers"
 </file>

Virtual Architects Support Wiki