Berapa waktu lalu … ada yang coba incar2 port mikrotik dan ada coba niat untuk tembak router mikrotik, so coba tanya sama mbah google ternyata dapet, serangan ini merupakan paket data kecil, tetapi secara terus menerus, sehingga mikrotik nya bisa galau di bawah jaringan yang dia kendalikan.
berikut script untuk menghadang Ddos :
/ip firewal filter
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s chain=input disabled=no dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w chain=input comment=”Port scanners to list ” disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w chain=input comment=”SYN/FIN scan” disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w chain=input comment=”SYN/RST scan” disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w chain=input comment=”FIN/PSH/URG scan” disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w chain=input comment=”ALL/ALL scan” disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w chain=input comment=”NMAP NULL scan” disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
