Firewall in RouterOS: Stopping a DDoS Attack

Подписаться 3,6 тыс.

Просмотров 24 тыс.

50% 1

DoS and DDoS attacks are some of the most common malicious online activities used by hackers to disrupt a network, misuse victim devices, gain unauthorized access and so on. Using simple firewall configurations in RouterOS, we will show you how easily you can fend off a sudden DDoS attack to gain control over your router, stop traffic floods, and make sure your hardware does not crash as a result of such cyber threats.

Опубликовано:

14 окт 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 24

@engyem2462 5 месяцев назад

Keep it going. In terms of mikrotik, this is one of the most advantageous channels.

@jeytis72 Год назад

Excellent. It's one of your videos I liked the most. Very clear and helpful explanation. Keep up the good work. Thanks

@HaniRahrouh Год назад

Thank you for your feedback.

@MikroTikCanada Год назад

Dear jeytis72, Many thanks as always for watching our tutorials and sharing your feedback. Now that some of the basics are out of the way, we will be dealing with more practical issues as we move down the MTCNA path.

@PilarTecno 5 месяцев назад

Wow, i started to see the video thinking this was another unuseful one but it gave me very relevant and important information. Im kinda new in mikrotik so it came very handy. Very well explained !

@axeljacobs5276 Год назад

Very good quality ! Many thanks for this excellent work !!

@HaniRahrouh Год назад

Thank you for your feedback.

@MikroTikCanada Год назад

Dear Axel Jacobs, Many thanks for watching this video and leaving us your feedback. Stay tuned as we will be dealing with more practical issues in the coming weeks.

@kwanelevilakati Год назад

Thank you so much for this video. Do you create seperate rules for udp packets?

@MikroTikCanada Год назад

Yes, you need to create a separate rule for the UDP protocol.

@TubeSkaterRudy Год назад

Something bothers me in this video. The narrator talks first about simply disabling the 3 services in case you only have a private router and you don't need these services. After that he starts talking about the other case scenario working with raw routing. But this is still blocking all traffic to the same ports so eventually doing exactly the same as simply disabling the services. Or do I understand this wrong and is the second method complimentary to the first one, to really solve the problem of a DDOS attack?

@stevebot 10 месяцев назад

If you disable services they will not be available inside or outside the firewall. FTP and telnet should be fully deprecated by now and disabled by default. SSH remains generally secure and is good for administration and file transfer. With some advanced filtering and rules you can mitigate DoS also.

@pierpa_76pierpaolo Год назад

How to protect modem outer from any cyber hackers attack. Can any brand be made inviolable? In the past few days I noticed that I was getting my network card disabled and something else remotely. I know perfectly well who is the cause but without evidence with you can proceed with the complaint and move on to the 'arrest of these people (who do not even live far from me. It just so happens!!). Greetings.

@MahdiRaeesi Год назад

brief and useful, good job thank you.👍

@MikroTikCanada Год назад

Dear Mahdi Raeesi, Many thanks for watching our videos! If you have any feedback, we'd love to hear it!

@p_menta Год назад

Even with RAW rules blocking an NTP Amplification attack, my RB750Gr3 stills hits 95% CPU. What can i do? 😢

@Losdog79 8 месяцев назад

What happens if my router is being sent DDOS attacks from port 53? Can I disable this port without harming my pc?

@Glenners Год назад

Daniel told me to follow

@MikroTikCanada Год назад

Dear Glenners, Many thanks for subscribing to our channel. Indeed, we will greatly appreciate any input you may have to improve our content!

@mohamadnor3074 Год назад

شي جميل شكرا كثير على هذا الفيديو

@MikroTikCanada Год назад

Dear Mohamad Nor, Many thanks for your feedback. We’re happy that you’re enjoyed our content. Spread the word and stay tuned!

@Anavllama 15 дней назад

Completely bogus, the MT router has no business being used to attempt to stop a DDOS attack. This is the responsibility of the ISP provider and upstream carriers. If you want to play a fools game do waste your time with a DDOS config on the MT device.............

@MikroTikCanada 5 дней назад

Thank you for sharing your thoughts! You’re absolutely right that ISPs and upstream carriers play a important role in mitigating large-scale DDoS attacks. For massive volumetric attacks, their intervention is often necessary to block traffic at the source before it overwhelms the network. That said, MikroTik routers can still be part of a multi-layered defense strategy. While they may not completely stop a full-scale DDoS attack, they can help reduce the impact of smaller attacks, especially at the local network level. Implementing firewall rules, rate limiting, and traffic filters can help protect internal networks from certain types of threats. It’s not a foolproof solution, but it adds another layer of security, which is always beneficial in a comprehensive approach to network protection. Thanks again for your comment, and I appreciate your perspective!