Sounds cool. Is this all in the ROS world? Would you publish the script? I would be interested.

A

-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Terry Sweetser
Sent: Tuesday, 29 March 2016 8:20 PM
To: public@talk.mikrotik.com.au
Subject: [MT-AU Public] DDoS Mitigation?

Hello Mikrotikians!

Just wondering what ideas and implementations people have tried to detect and block packet floods and other DOS attacks?

I'm currently running 6.33 on X86 hardware and have a non-production box trying a simple PPS rate firewall filter to auto-build a list of target addresses and drop inbound traffic to the list (with a 2h expire time).

I want to go further and push the list to BGP as /32 blackhole routes to my iBGP and also upstream to the likes of VOCUS who support /32 black holing.

This is also on top of a general purpose filter which is looking for invalid TCP flag combinations to just drop outright.

Frustratingly, the last few DDOS attacks inbound to AS7477 have been TCP SYN/RST at high packet rates, but barely past 25Mbps of payload -- router/os has proven very susceptible to high PPS hitting a single queue (HTB and simple for 1 ip address and/or sub-interface) and turning into a turtle.

--
http://about.me/terry.sweetser

_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
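The logic described in the original message (a per-destination PPS threshold that builds a target list with a 2h expiry, from which /32 blackhole routes are derived), modelled in Python as an added example; it is not the poster's script and not RouterOS configuration. The 1000 pps threshold, the class and function names, and the sample packets (documentation-range addresses) are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

class FloodTargetList:
    """Per-destination PPS detector feeding an expiring address list."""

    def __init__(self, pps_limit=1000, ttl=2 * 60 * 60):
        self.pps_limit = pps_limit          # assumed threshold (packets/s)
        self.ttl = ttl                      # 2h expiry, as in the post
        self.window = defaultdict(deque)    # dst -> timestamps in the last 1 s
        self.expires = {}                   # dst -> time the entry ages out

    def _expire(self, now):
        for dst in [d for d, t in self.expires.items() if t <= now]:
            del self.expires[dst]

    def observe(self, ts, dst):
        """Feed one inbound packet; return True if it is dropped."""
        self._expire(ts)
        if dst in self.expires:             # listed: dropped before counting
            return True
        q = self.window[dst]
        q.append(ts)
        while q[0] <= ts - 1.0:             # keep a 1-second sliding window
            q.popleft()
        if len(q) > self.pps_limit:
            self.expires[dst] = ts + self.ttl
            del self.window[dst]            # start clean after the entry expires
            return True
        return False

    def blackhole_routes(self, now):
        """IPv4 /32 prefixes to announce as blackhole routes at time `now`."""
        self._expire(now)
        return [f"{d}/32" for d in sorted(self.expires, key=ip_address)]

def constructed_packets():
    """Constructed sample: 1500 packets in 1 s to one host, 5 to another."""
    flood = [(i / 1500.0, "203.0.113.10") for i in range(1500)]
    normal = [(i / 5.0, "203.0.113.20") for i in range(5)]
    return sorted(flood + normal)

if __name__ == "__main__":
    fl = FloodTargetList()
    dropped = sum(fl.observe(ts, dst) for ts, dst in constructed_packets())
    print(dropped, fl.blackhole_routes(now=10.0))
```

Because listed destinations are dropped before counting, an entry ages out exactly 2h after detection and is re-added only if the flood is still running; every packet to a listed address is dropped in the meantime, legitimate traffic included.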