If you found a router that's having botnet attacks on port 53 (DNS), you can use this script to mitigate the attack:
The in-interface part might be slightly different (it could be ether1 or pppoe-out1 with another name).
/ip firewall filter
add chain=input in-interface=pppoe-out1-ISP protocol=udp dst-port=53 action=drop
add chain=input in-interface=pppoe-out1-ISP protocol=tcp dst-port=53 action=drop
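An added check, not part of the original post: `add` appends the two drop rules to the end of the input chain, and RouterOS evaluates filter rules in order, so an earlier accept rule can still let port 53 traffic through. This Python sketch reads the text of `/ip firewall filter export` and reports the first terminal action a new port-53 packet on the WAN interface would hit. The function names, the sample export, and the handling of wrapped export lines are assumptions of this example.

```python
import re
import shlex

# Matchers this sketch understands; rules using any other matcher are skipped (a limitation).
KNOWN = {"chain", "action", "in-interface", "protocol", "dst-port", "connection-state", "comment", "disabled"}

def parse_filter_rules(export_text):
    """Return the '/ip firewall filter' rules of an export as dicts, in evaluation order."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # assumed: long export lines wrap with a trailing backslash
    rules, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            in_section = line == "/ip firewall filter"
        elif in_section and line.startswith("add "):
            rules.append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return rules

def port_matches(spec, port=53):
    """True if a dst-port value such as '53', '53,123' or '50-60' covers the port."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def dns_verdict(rules, wan, proto):
    """First terminal action hit by a new port-53 packet arriving on the WAN interface."""
    for r in rules:
        unsupported = set(r) - KNOWN or any(v.startswith("!") for v in r.values())
        if r.get("chain") != "input" or r.get("disabled") == "yes" or unsupported:
            continue
        if r.get("in-interface", wan) != wan or r.get("protocol", proto) != proto:
            continue
        if not port_matches(r.get("dst-port", "53")) or "new" not in r.get("connection-state", "new").split(","):
            continue
        action = r.get("action", "accept")  # RouterOS default action is accept
        if action in ("accept", "drop", "reject", "tarpit"):
            return action
    return "accept"  # no rule matched: the input chain accepts by default

# Constructed sample export: the post's two drop rules appended after a broad accept rule.
SAMPLE = """/ip firewall filter
add action=accept chain=input comment="allow udp" protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1-ISP protocol=udp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1-ISP protocol=tcp
"""

if __name__ == "__main__":
    print({p: dns_verdict(parse_filter_rules(SAMPLE), "pppoe-out1-ISP", p) for p in ("udp", "tcp")})
```

A verdict of `accept` for either protocol means the drop rule is missing, shadowed, or bound to a different interface name, and needs to be moved above the accepting rule or corrected.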