Hi Alex,

This is what I'm currently testing:

/ip firewall filter
add action=return chain=ddos-processor dst-limit=8000,2000,dst-address/5s
add action=add-dst-to-address-list address-list=ddos-block address-list-timeout=2h chain=ddos-processor log=yes log-prefix=DDOS
add action=jump chain=forward connection-state=new jump-target=ddos-processor
add action=drop chain=forward dst-address-list=ddos-block
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp tcp-flags=fin,syn
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp tcp-flags=fin,rst
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp tcp-flags=fin,!ack
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp tcp-flags=fin,urg
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp tcp-flags=syn,rst
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp tcp-flags=rst,urg
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=tcp src-port=0
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" dst-port=0 protocol=tcp
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" protocol=udp src-port=0
add action=drop chain=forward comment="invalid tcp flags and port 0 attacks" dst-port=0 protocol=udp

I'm also working on a scheduler script to add a BGP advertisement of the /32, with a set of community strings that would black hole the /32.

http://about.me/terry.sweetser

On 30/03/16 08:10, Alex Samad - Yieldbroker wrote:
Sounds cool. Is this all in the ROS world?
Would you publish the script? I would be interested.
A
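
The tcp-flags drop rules in the rule set above can be checked offline against flag combinations before they go onto a production router. This is an added example, not part of the original e-mail or of Terry's configuration; it assumes that a listed flag must be set, a negated flag must be clear, and unlisted flags are ignored, and the function names and sample segments are constructed for illustration.

```python
# Added example: models only the tcp-flags drop rules from the e-mail
# (the port 0 and dst-limit rules are not modelled).
# Assumed semantics: listed flag must be set, "!flag" must be clear,
# flags not named in a rule are ignored.
RULES = [
    "!fin,!syn,!rst,!ack", "fin,syn", "fin,rst", "fin,!ack",
    "fin,urg", "syn,rst", "rst,urg",
]

def parse_rule(spec):
    """Split a tcp-flags value into (must_be_set, must_be_clear) sets."""
    must_set, must_clear = set(), set()
    for token in spec.split(","):
        token = token.strip()
        (must_clear if token.startswith("!") else must_set).add(token.lstrip("!"))
    return must_set, must_clear

def first_match(flags):
    """Return the first rule that drops a segment with these flags, else None."""
    flags = set(flags)
    for spec in RULES:
        must_set, must_clear = parse_rule(spec)
        if must_set <= flags and not (must_clear & flags):
            return spec
    return None

# Constructed flag combinations, not captured traffic.
SAMPLES = {
    "SYN": {"syn"},
    "SYN-ACK": {"syn", "ack"},
    "PSH-ACK": {"psh", "ack"},
    "FIN-ACK": {"fin", "ack"},
    "RST-ACK": {"rst", "ack"},
    "NULL": set(),
    "SYN-FIN": {"syn", "fin"},
    "XMAS": {"fin", "psh", "urg"},
    "FIN-ACK-URG": {"fin", "ack", "urg"},
}

def classify_samples():
    """Map each sample name to the rule that drops it (None means it passes)."""
    return {name: first_match(flags) for name, flags in SAMPLES.items()}

if __name__ == "__main__":
    for name, rule in classify_samples().items():
        verdict = f"drop by tcp-flags={rule}" if rule else "pass"
        print(f"{name:12} {verdict}")
```

The FIN-ACK-URG sample shows that the fin,urg rule also matches segments that carry ACK, which is worth knowing when reading the DDOS-prefixed log entries.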