DoS attack protection

From MikroTik Wiki
Revision as of 16:42, 28 February 2010 by Chronos (talk | contribs) (new page)

Types

TCP SYN flood

More information about this type of attack: SYN flood.

Diagnose

A huge number of TCP entries in the syn-sent state can be observed in the firewall connection list.

/ip firewall connection print
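The following is an added example, not part of the original wiki page: a small Python script that tallies syn-sent entries per source address from saved connection-list output, which helps when picking a per-IP LIMIT and the addresses for the FROM list. The sample text and its column layout are constructed assumptions, and `sources_over` and its `threshold` argument are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the style of `/ip firewall connection print` output.
# The column layout is an assumption and differs between RouterOS versions.
SAMPLE = """\
Flags: S - seen reply, A - assured
 #    PROTOCOL SRC-ADDRESS          DST-ADDRESS        TCP-STATE    TIMEOUT
 0    tcp      198.51.100.7:40001   192.0.2.10:80      syn-sent     4s
 1    tcp      198.51.100.7:40002   192.0.2.10:80      syn-sent     4s
 2    tcp      198.51.100.7:40003   192.0.2.10:80      syn-sent     3s
 3 SA tcp      203.0.113.20:51514   192.0.2.10:443     established  23h59m
 4    tcp      203.0.113.21:51600   192.0.2.10:80      syn-sent     4s
 5    udp      203.0.113.20:5353    192.0.2.10:53                   9s
"""

# IPv4 address followed by a port, e.g. 192.0.2.10:80
ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$")

def parse_connections(text):
    """Yield (src_ip, dst_ip, dst_port, tcp_state) for each TCP row."""
    for line in text.splitlines():
        tokens = line.split()
        if "tcp" not in tokens:
            continue  # header, flags legend, or non-TCP row
        # Locate fields relative to the protocol column, so optional
        # flag letters before it do not shift the parse.
        rest = tokens[tokens.index("tcp") + 1:]
        if len(rest) < 3:
            continue
        src, dst = ENDPOINT.match(rest[0]), ENDPOINT.match(rest[1])
        if src and dst:
            yield src.group(1), dst.group(1), int(dst.group(2)), rest[2]

def syn_sent_by_source(text):
    """Count connection entries in the syn-sent state, per source address."""
    return Counter(s for s, _, _, state in parse_connections(text)
                   if state == "syn-sent")

def sources_over(text, threshold):
    """Sources with more than `threshold` syn-sent entries (hypothetical cutoff)."""
    counts = syn_sent_by_source(text)
    return sorted(ip for ip, n in counts.items() if n > threshold)

if __name__ == "__main__":
    for ip, n in syn_sent_by_source(SAMPLE).most_common():
        print(f"{ip}\t{n}")
    print("over threshold:", sources_over(SAMPLE, 2))
```

If the flood uses spoofed source addresses, per-source counts stay low while the total number of syn-sent entries is high, so check the sum as well as the per-source ranking.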

Protection

  • Limit incoming connections
/ip firewall filter add chain=forward protocol=tcp connection-limit=LIMIT,32 disabled=no \
    dst-address-list=TO src-address-list=FROM action=drop

where LIMIT is the maximum connection count per IP, and TO and FROM are the address lists used for filtering.


  • Action tarpit
  • SYN filtering
  • SYN cookies

External links