Thursday, December 24, 2015

Denial-of-service (DoS) attack protection by MikroTik

A denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, for example by temporarily or indefinitely interrupting or suspending the services of a host connected to the Internet.

One way to protect against it with MikroTik:

Limit incoming connections
An address with too many connections can be added to an address list for blocking.

/ip firewall filter add chain=input protocol=tcp connection-limit=LIMIT,32 action=add-src-to-address-list  address-list=blocked-addr address-list-timeout=1d 

/ip firewall filter add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit 

where LIMIT is the maximum number of connections per IP. LIMIT should be 100 or higher, as many services use multiple connections (HTTP, Torrent, other P2P programs).
Action tarpit: instead of simply dropping the attacker's packets (action=drop), the router can capture and hold connections, and with a powerful enough router it can block the attacker.
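To see how the choice of LIMIT and the 32 in connection-limit=LIMIT,32 decide which sources land in blocked-addr, here is an added Python example (not part of the original post, and not RouterOS code) that models the per-source counting offline. The connection list is constructed sample data, the function names are hypothetical, and treating "more than LIMIT" as the match threshold is an assumption.

```python
import ipaddress
from collections import Counter

# Constructed sample of concurrent TCP connections to the router,
# as (source IP, source port). Not real traffic, not RouterOS output.
SAMPLE_CONNECTIONS = (
    [("198.51.100.7", 40000 + i) for i in range(150)]   # one noisy host
    + [("203.0.113.20", 50000 + i) for i in range(40)]  # busy but normal client
    + [("203.0.113.21", 50000 + i) for i in range(70)]  # neighbour in same /24
    + [("192.0.2.5", 60000)]                            # single connection
)


def group_key(ip, prefix_len):
    """Network that `ip` belongs to when sources are grouped by prefix_len bits."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def sources_over_limit(connections, limit, prefix_len=32):
    """Return {network: count} for source groups holding more than `limit`
    concurrent connections (assumed threshold semantics), i.e. the groups a
    rule with connection-limit=limit,prefix_len would act on."""
    counts = Counter(group_key(ip, prefix_len) for ip, _port in connections)
    return {str(net): n for net, n in counts.items() if n > limit}


if __name__ == "__main__":
    # LIMIT=100 per single address (/32): only the noisy host is listed.
    print(sources_over_limit(SAMPLE_CONNECTIONS, 100, 32))
    # Same LIMIT but grouping by /24: two ordinary clients sharing a subnet
    # add up to 110 and would be blocked together.
    print(sources_over_limit(SAMPLE_CONNECTIONS, 100, 24))
    # LIMIT=30 is too low: clients with 40 and 70 connections are caught.
    print(sources_over_limit(SAMPLE_CONNECTIONS, 30, 32))
```

Running the same count over your own connection data before enabling the rules shows whether a candidate LIMIT would list legitimate clients.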
