DDOS Protection in MikroTik

If an attack is coming into your network and many unnecessary connections are being established, enable some of MikroTik's additional security features, such as:

1- Drop DNS requests arriving on your WAN interface.
2- Drop all invalid TCP sessions in your MikroTik.
3- Uncheck the "Allow Remote Requests" option under IP > DNS.

A DoS (Denial of Service) attack can overload a router: CPU usage goes to 100% and the router can become unreachable, with timeouts. Every operation on packets that takes significant CPU power, such as firewalling (filter, NAT, mangle), logging and queues, can overload the router if too many packets per second arrive. Generally there is no perfect solution against DoS attacks; every service can be overloaded by too many requests. But there are some methods to minimise the impact of an attack:

- Get a more powerful router or server
- Get a faster uplink
- Reduce the number of firewall rules, queues and other packet handling actions
- Track the attack path and block it closer to the source (by the upstream provider)

Symptoms: the entire network bandwidth will be choked and the router's CPU utilisation will be high. Whenever you see the issues mentioned above in your MikroTik, you can consider it a DDoS attack.
Let's start the configuration. Here I will show you the 3 most important rule sets against DDoS attacks, but configure only one of them in your MikroTik at a time. All three rule sets serve the same purpose, so there is no need to configure them together in the router; choose any one of them.

Rule-1

/ip firewall filter
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=Ddosed address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=Ddoser address-list-timeout=10m chain=detect-ddos
add action=drop chain=forward connection-state=new dst-address-list=Ddosed src-address-list=Ddoser

The jump sends every new forwarded connection to the detect-ddos chain. While a source/destination pair stays within 32 new connections per second (burst 32, tracked for 10 s) the chain returns and the packet continues normally; once the pair exceeds that limit, the destination is added to the Ddosed list and the source to the Ddoser list for 10 minutes, and the last rule drops all new connections between a listed source and a listed destination.

Rule-2

/ip firewall filter
add chain=forward connection-state=new action=jump jump-target=block-ddos
add chain=forward connection-state=new src-address-list=Ddoser dst-address-list=Ddosed action=drop
add chain=block-ddos dst-limit=50,50,src-and-dst-addresses/10s action=return
add chain=block-ddos action=add-dst-to-address-list address-list=Ddosed address-list-timeout=10m
add chain=block-ddos action=add-src-to-address-list address-list=Ddoser address-list-timeout=10m

Rule-2 is the same logic with a higher threshold of 50 new connections per second (burst 50).

Rule-3

/ip firewall filter
add chain=forward connection-state=new action=jump jump-target=detect-ddos
add chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s action=return
add chain=detect-ddos src-address=10.106.0.1 action=return
add chain=detect-ddos action=add-dst-to-address-list address-list=Ddosed address-list-timeout=10m
add chain=detect-ddos action=add-src-to-address-list address-list=Ddoser address-list-timeout=10m
add chain=forward connection-state=new src-address-list=Ddoser dst-address-list=Ddosed action=drop

Rule-3 is Rule-1 with an exception for the trusted address 10.106.0.1, which is returned from the chain before it can be added to the address lists.

A R Mukul
System Engineer
Mirpur Online
Email: support@mirpur.online
Phone: +88-09639-006425
Mobile: +880-1740884872
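To see how the detect-ddos chain in Rule-1, Rule-2 and Rule-3 behaves before putting it on a router, here is an added Python model written for this article. It is not RouterOS code and not from the original post: it approximates dst-limit=RATE,BURST,src-and-dst-addresses/EXPIRE as one token bucket per source/destination pair, and the Ddoser/Ddosed address lists as entries with a timeout; the whitelist parameter stands in for Rule-3's src-address=10.106.0.1 return. The exact refill behaviour of RouterOS's limiter, and whether re-adding an already listed address refreshes its timeout, are assumptions of this model. The traffic samples are constructed and use RFC 5737 documentation addresses.

```python
"""Illustrative model of the MikroTik detect-ddos chain (not RouterOS code).

dst-limit=RATE,BURST,src-and-dst-addresses/EXPIRE is approximated as a
token bucket per (src, dst) pair; Ddoser/Ddosed are dicts of expiry times.
"""
from dataclasses import dataclass


@dataclass
class Bucket:
    tokens: float   # remaining allowance for new connections of one pair
    last: float     # time of the last packet, used for refill and expiry


class DdosDetector:
    def __init__(self, rate=32, burst=32, expire=10.0,
                 list_timeout=600.0, whitelist=()):
        self.rate = rate                  # connections/second refilled (assumed refill model)
        self.burst = burst                # size of the burst allowed before listing
        self.expire = expire              # dst-limit entry expiry (the /10s part)
        self.list_timeout = list_timeout  # address-list-timeout=10m
        self.whitelist = set(whitelist)   # Rule-3 style src-address=... action=return
        self.buckets = {}                 # (src, dst) -> Bucket
        self.ddoser = {}                  # src -> expiry time
        self.ddosed = {}                  # dst -> expiry time

    def _listed(self, table, key, now):
        exp = table.get(key)
        if exp is None:
            return False
        if exp <= now:            # address-list-timeout elapsed: entry removed
            del table[key]
            return False
        return True

    def _detect_ddos(self, now, src, dst):
        """The jump target. True means the pair is within dst-limit."""
        key = (src, dst)
        b = self.buckets.get(key)
        if b is None or now - b.last > self.expire:
            b = Bucket(float(self.burst), now)   # fresh tracking entry starts full
            self.buckets[key] = b
        else:
            b.tokens = min(self.burst, b.tokens + (now - b.last) * self.rate)
            b.last = now
        if b.tokens >= 1:
            b.tokens -= 1
            return True                          # dst-limit matched: action=return
        if src in self.whitelist:
            return True                          # Rule-3: trusted source returns first
        # Over the limit: both ends are listed (non-terminating actions, then
        # the chain ends and control returns to the forward chain).
        self.ddoser[src] = now + self.list_timeout   # assumed: re-adding refreshes
        self.ddosed[dst] = now + self.list_timeout
        return False

    def new_connection(self, now, src, dst):
        """Forward-chain verdict for one connection-state=new packet."""
        self._detect_ddos(now, src, dst)          # rule 1: the jump
        if self._listed(self.ddoser, src, now) and self._listed(self.ddosed, dst, now):
            return "drop"                         # rule after the jump: drop listed pairs
        return "accept"


def simulate(events, **cfg):
    """events: iterable of (time, src, dst). Returns verdict counts and the detector."""
    det = DdosDetector(**cfg)
    counts = {"accept": 0, "drop": 0}
    for now, src, dst in sorted(events):
        counts[det.new_connection(now, src, dst)] += 1
    return counts, det


# Constructed sample traffic: a normal client at 20 new connections/s for 5 s,
# and a flooding source opening 100 connections to the same host at once.
LEGIT = [(i * 0.05, "198.51.100.7", "192.0.2.5") for i in range(100)]
FLOOD = [(0.0, "203.0.113.10", "192.0.2.5") for _ in range(100)]


if __name__ == "__main__":
    print("legit, Rule-1 thresholds:", simulate(LEGIT)[0])
    print("flood, Rule-1 thresholds:", simulate(FLOOD)[0])
    print("flood, Rule-2 thresholds:", simulate(FLOOD, rate=50, burst=50)[0])
    print("flood from whitelisted 10.106.0.1 (Rule-3):",
          simulate([(0.0, "10.106.0.1", "192.0.2.5")] * 100,
                   whitelist=["10.106.0.1"])[0])
```

Running it shows the difference between the rule sets: the normal client is never listed, the flood gets its first 32 (Rule-1) or 50 (Rule-2) connections through and the rest dropped, and a source covered by Rule-3's exception is never listed even when it exceeds the limit. Adding events 10 minutes later shows the pair being allowed again once the address-list-timeout has expired.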