MikroTik port 53 DNS service DDoS attack mitigation and prevention

Andy

If you find a router that's under botnet attack on port 53 (DNS), you can use this script to mitigate the attack:
/ip firewall filter
add chain=input in-interface=pppoe-out1-ISP protocol=udp dst-port=53 action=drop
add chain=input in-interface=pppoe-out1-ISP protocol=tcp dst-port=53 action=drop

The in-interface part might be slightly different (it could be ether1 or pppoe-out1 with another name).
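
An added example, not part of the original post: a Python check that reads a RouterOS configuration export and reports which protocols on port 53 are still accepted from the WAN interface, which catches a missing TCP rule or a rule bound to the wrong in-interface name. The function names and the sample export are constructed for illustration, and rules carrying matchers other than the ones used in the post are skipped as conditional.

```python
import shlex

# Matchers this check understands. A rule with any other matcher (src-address,
# connection-state, in-interface-list, ...) or a negated value is treated as
# conditional and skipped; that simplification is an assumption of this example.
KNOWN = {"chain", "action", "protocol", "dst-port", "in-interface", "comment", "disabled"}

# Constructed sample export: the UDP rule from the post is present, the TCP rule is not.
SAMPLE_EXPORT = """\
/ip firewall filter
add chain=input connection-state=established,related action=accept
add chain=input in-interface=pppoe-out1-ISP protocol=udp dst-port=53 action=drop
/ip dns
set allow-remote-requests=yes
"""

def port_matches(spec, port=53):
    """True if a dst-port value such as '53', '53,123' or '50-60' covers port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def filter_rules(export_text):
    """Yield each 'add' line of the /ip firewall filter section as a dict."""
    in_section = False
    for line in export_text.replace("\\\n", "").splitlines():  # join continuations
        line = line.strip()
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            yield dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t)

def exposed_dns_protocols(export_text, wan_if):
    """Return the protocols whose port 53 input traffic from wan_if is not dropped."""
    verdict = {}
    for rule in filter_rules(export_text):
        if rule.get("chain") != "input" or rule.get("disabled") == "yes":
            continue
        if set(rule) - KNOWN or any(v.startswith("!") for v in rule.values()):
            continue
        if rule.get("in-interface", wan_if) != wan_if:
            continue
        if "dst-port" in rule and not port_matches(rule["dst-port"]):
            continue
        for proto in ("udp", "tcp"):
            if rule.get("protocol", proto) == proto:
                # The first matching rule decides; an omitted action means accept.
                verdict.setdefault(proto, rule.get("action", "accept"))
    return sorted(p for p in ("udp", "tcp") if verdict.get(p) not in ("drop", "reject"))
```

For the constructed sample, `exposed_dns_protocols(SAMPLE_EXPORT, "pppoe-out1-ISP")` returns `['tcp']`, because only the UDP rule is present.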
 