How to secure MikroTik from DDoS

A denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by flooding the target or its surrounding infrastructure with internet traffic. There are several types of DDoS attack, for example HTTP flood, SYN flood and DNS amplification. We need to know how to secure MikroTik from DDoS because such an attack can reduce the performance of the MikroTik router, owing to the large number of packets sent in a short time.

Securing MikroTik from DDoS

1. To secure MikroTik from DDoS, first open the IP > Firewall menu, select the Filter Rules tab, then click the + icon.

2. On the General tab, set Chain to forward and Protocol to 6 (tcp).

New general firewall rule

3. Click the Advanced tab, go to the TCP Flags section and set TCP Flags to syn.

TCP Flags syn

4. Click the Extra tab, open the Connection Limit section, fill in Limit with the connection limit you want and set Netmask to 32.

MikroTik connection limit

5. Click the Action tab and set Action to add src to address list, which puts the offender's IP on an address list. In Address List you can freely choose a name for the list of DDoS sources, and Timeout is the length of the penalty applied to them, that is, how long an address stays on the list.

add src to the MikroTik address list

6. Repeat steps 1 to 5, or Copy the earlier rule, but this time on the General tab set Chain to input.

New general firewall rule

7. Create another new rule: still in the IP > Firewall menu, select the Filter Rules tab, then click the + icon.

8. On the General tab, set Chain to forward and Protocol to 6 (tcp).

New general firewall rule

9. Click the Advanced tab and, in Src. Address List, select the address list from the previous rule.

New firewall rule, Advanced tab: Src. Address List

10. Click the Action tab and set Action to tarpit. This serves to hold or stop the connections used in the DDoS.

MikroTik Tarpit

11. Repeat steps 7 to 10, or Copy the rule you just made, which is faster, but this time on the General tab set Chain to input.

New general firewall rule

12. Finally, run a DDoS test against the MikroTik router's IP; you can use an application such as Zenmap or another tool. You can see the IP address of the source that performed the DDoS in the IP > Firewall menu, on the Address Lists tab.

IP address of the DDoS source
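The same four rules from steps 1 to 11, written as RouterOS terminal commands. This is an added example, not part of the original article; the limit of 100, the list name ddos-src and the 1d timeout are assumed values that the article leaves to the reader.

```routeros
# Added example. Assumed values (not given in the article):
#   connection limit = 100, address list name = ddos-src, timeout = 1d.
# Tune all three for your own network before using them.

# Steps 1-5: a source (/32) that exceeds the connection limit and keeps
# sending TCP SYNs through the router is added to the address list.
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn \
    connection-limit=100,32 action=add-src-to-address-list \
    address-list=ddos-src address-list-timeout=1d \
    comment="list SYN flood sources (forward)"

# Step 6: the same detection for traffic addressed to the router itself.
/ip firewall filter add chain=input protocol=tcp tcp-flags=syn \
    connection-limit=100,32 action=add-src-to-address-list \
    address-list=ddos-src address-list-timeout=1d \
    comment="list SYN flood sources (input)"

# Steps 7-10: tarpit TCP from listed sources passing through the router.
/ip firewall filter add chain=forward protocol=tcp \
    src-address-list=ddos-src action=tarpit \
    comment="tarpit listed sources (forward)"

# Step 11: tarpit TCP from listed sources aimed at the router itself.
/ip firewall filter add chain=input protocol=tcp \
    src-address-list=ddos-src action=tarpit \
    comment="tarpit listed sources (input)"

# Step 12: after testing, review the rule order and the listed sources.
/ip firewall filter print
/ip firewall address-list print where list=ddos-src
```

Filter rules are evaluated from top to bottom, so these rules must sit above any rule that already accepts the same traffic. Because the limit is counted per /32, many clients behind one NAT address share a single counter.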

Conclusion

By creating these rules, you can prevent packets from being sent continuously in a short time, so that your MikroTik router can avoid DDoS threats.

