Introduction
A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. There are several types of DDoS attacks, such as HTTP flood, SYN flood, and DNS amplification.
Protection Employment
In RouterOS, we have to split DoS/DDoS protection into 2 parts: detection and processing.
DoS/DDoS Detection
First, we will send every new connection to a dedicated chain where we will detect DDoS:
/ip/firewall/filter add chain=forward connection-state=new action=jump jump-target=detect-ddos
/ip/firewall/filter add chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s action=return
/ip/firewall/filter add chain=detect-ddos src-address=192.168.0.1 action=return
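To see which new connections the two detect-ddos rules above let back out and which ones stay in the chain, here is a simplified Python model of them. It is an added example, not MikroTik code: it assumes dst-limit=32,32,src-and-dst-addresses/10s means rate 32 per second, burst 32, one bucket per source/destination pair and a 10 s idle expiry, and the class, function names, verdict labels and sample traffic are all constructed for illustration.

```python
# Added illustration: simplified model of the two detect-ddos rules above.
# Assumed reading of dst-limit=32,32,src-and-dst-addresses/10s:
# rate 32 per second, burst 32, one bucket per (src, dst) pair, idle expiry 10s.
from collections import Counter

RATE, BURST, EXPIRE = 32.0, 32.0, 10.0
EXEMPT_SRC = "192.168.0.1"   # second rule: src-address=192.168.0.1 action=return


class DetectDdos:
    def __init__(self):
        self.flows = {}      # (src, dst) -> (tokens, last_seen)

    def verdict(self, t, src, dst):
        """Classify one new connection seen at time t (seconds)."""
        # Forget flows that have been idle longer than the expire interval.
        self.flows = {k: v for k, v in self.flows.items() if t - v[1] < EXPIRE}
        tokens, last = self.flows.get((src, dst), (BURST, t))
        tokens = min(BURST, tokens + (t - last) * RATE)   # refill since last packet
        if tokens >= 1:                                   # rule 1: within the limit
            self.flows[(src, dst)] = (tokens - 1, t)
            return "return-rate"
        self.flows[(src, dst)] = (tokens, t)
        if src == EXEMPT_SRC:                             # rule 2: exempt source
            return "return-exempt"
        return "exceeded"                                 # matched neither return rule


def simulate(events):
    """events: iterable of (t, src, dst); returns {src: Counter of verdicts}."""
    chain, out = DetectDdos(), {}
    for t, src, dst in sorted(events):
        out.setdefault(src, Counter())[chain.verdict(t, src, dst)] += 1
    return out


# Constructed sample traffic (documentation address ranges), all to one target.
TARGET = "198.51.100.10"
SAMPLE = (
    [(0.0, "203.0.113.5", TARGET)] * 200     # 200 new connections at t=0
    + [(1.0, "203.0.113.5", TARGET)]         # same source one second later
    + [(0.0, "203.0.113.77", TARGET)] * 10   # ordinary client
    + [(0.0, EXEMPT_SRC, TARGET)] * 100      # exempted source
)

if __name__ == "__main__":
    for src, counts in simulate(SAMPLE).items():
        print(src, dict(counts))
```

Only the connections labelled "exceeded" remain in detect-ddos after both return rules; an ordinary client and the exempted source never reach that point.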