
Introduction

A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. There are several types of DDoS attacks, such as HTTP flood, SYN flood, and DNS amplification.

Protection Employment

In RouterOS, DoS/DDoS protection is split into two parts: detection and processing.

DoS/DDoS Detection

First, we send every new connection to a dedicated chain where DDoS detection takes place:

/ip/firewall/filter
add chain=forward connection-state=new action=jump jump-target=detect-ddos
/ip/firewall/filter
add chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s action=return
add chain=detect-ddos src-address=192.168.0.1 action=return
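
To see which new connections the two detect-ddos rules hand back to the forward chain and which ones continue past them, the following added example (not MikroTik code and not part of the original page) replays constructed traffic through a simplified model of the chain. It assumes dst-limit behaves as a per-flow token bucket of 32 connections per second with a burst of 32 and a 10 s idle expiry; the class and function names and the 203.0.113.x / 198.51.100.x addresses are hypothetical.

```python
from dataclasses import dataclass

RATE = 32.0      # dst-limit count: 32 new connections per second (assumed interval)
BURST = 32.0     # dst-limit burst
EXPIRE = 10.0    # idle seconds after which a flow entry is forgotten (/10s)
EXEMPT_SRC = "192.168.0.1"   # source matched by the second rule on the page

@dataclass
class Bucket:
    tokens: float
    last: float

class DetectDdosChain:
    """Simplified model of detect-ddos: one token bucket per (src, dst) flow."""
    def __init__(self):
        self.flows = {}

    def evaluate(self, ts, src, dst):
        """Return 'return' if either rule matches, else 'fall-through'."""
        key = (src, dst)                        # mode=src-and-dst-addresses
        b = self.flows.get(key)
        if b is None or ts - b.last > EXPIRE:   # new or expired flow starts full
            b = Bucket(BURST, ts)
        else:                                   # refill at RATE, capped at BURST
            b.tokens = min(BURST, b.tokens + (ts - b.last) * RATE)
            b.last = ts
        self.flows[key] = b
        if b.tokens >= 1.0:                     # rule 1: flow is within the limit
            b.tokens -= 1.0
            return "return"
        if src == EXEMPT_SRC:                   # rule 2: exempted source address
            return "return"
        return "fall-through"                   # left for the rules that follow

def run(events):
    """Count verdicts per flow for a list of (ts, src, dst) events."""
    chain, out = DetectDdosChain(), {}
    for ts, src, dst in events:
        verdict = chain.evaluate(ts, src, dst)
        out.setdefault((src, dst), {"return": 0, "fall-through": 0})[verdict] += 1
    return out

# Constructed sample traffic (documentation address ranges, not real captures).
FLOOD = [(i / 1000.0, "203.0.113.7", "198.51.100.10") for i in range(200)]
NORMAL = [(i / 10.0, "203.0.113.8", "198.51.100.10") for i in range(10)]
EXEMPT = [(i / 1000.0, EXEMPT_SRC, "198.51.100.10") for i in range(200)]

if __name__ == "__main__":
    for flow, counts in run(sorted(FLOOD + NORMAL + EXEMPT)).items():
        print(flow, counts)
```

Only the flooding flow produces connections that fall through; the exempted source exceeds the same limit but is returned by the second rule.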

