DoS attack Protection
- Limit incoming connections
Address with too much connections can be added to address list for blocking.
/ip firewall filter add chain=input protocol=tcp connection-limit=LIMIT,32 action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d
/ip firewall filter add chain=input protocol=tcp src-address-list=blocked-addr connection-limit=3,32 action=tarpit
where LIMIT is max. number of connection per IP. LIMIT should be 100 or higher as many services use multiple connection (HTTP, Torrent, other P2P programs).
- Action tarpit
Instead of simply droping attackers packets(action=drop) router can capture and hold connections and with enough powerfull router is can kill the attacker.
www.mikrotikacademybd.com
No comments:
Post a Comment