March 25, 2010 | Posted by admin Your internet was very slow when used? The first question may be how the hell the internet connection speed that I get to feel slow. The next step taken is to measure the speed of internet connection in our place with some of the existing tools on the Internet. Do not rush to blame your [...]
Categories: MIKROTIK | 
Tags: | 
No Comments »
March 17, 2010 | Posted by admin Mikrotik DoS attack protection
Limit incoming connections
Address with too much connections can be added to address list for futher blocking.
/ip firewall filter add chain=input protocol=tcp connection-limit=LIMIT,32 action=add-src-to-address-list address-list=blocked-addr address-list-timeout=1d
where LIMIT is max. number of connection per IP. LIMIT should be 100 or higher as many services use multiple connection (HTTP, Torrent, other P2P programs).
Action [...]
Categories: MIKROTIK | Tags: MIKROTIK | 1 Comment »
March 17, 2010 | Posted by admin Mikrotik Bruteforce login prevention
Allows only 10 FTP login incorrect answers per minute
/ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop
add chain=output action=accept protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m
add chain=output action=add-dst-to-address-list protocol=tcp content=”530 Login incorrect” address-list=ftp_blacklist address-list-timeout=3h
This will prevent a SSH brute forcer to be banned for 10 days after repetitive attempts. Change the timeouts as necessary.
/ip firewall [...]
Categories: MIKROTIK | Tags: MIKROTIK | No Comments »
Recent Comments