
MikroTik port 53 DNS service DDoS attack mitigation and prevention

Andy

If you found a router that's having botnet attacks on port 53 (DNS), you can use this script to mitigate the attack:
Rich (BB code):
/ip firewall filter
add chain=input in-interface=pppoe-out1-ISP protocol=udp dst-port=53 action=drop
add chain=input in-interface=pppoe-out1-ISP protocol=tcp dst-port=53 action=drop
The in-interface part might be slightly different (it could be ether1 or pppoe-out1 with another name).
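To confirm that the drop rules above actually take effect, the following added example (not part of the original post, and not MikroTik code) audits the text of `/ip firewall filter export` and reports which action decides DNS traffic arriving on the WAN interface. The function names and the sample export are constructed for illustration, and the matching is simplified: rules using matchers outside a small known set are skipped.

```python
import re
import shlex

# Constructed sample of `/ip firewall filter export` output (not from a real router).
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input dst-port=53 in-interface=pppoe-out1-ISP protocol=udp
add action=accept chain=input dst-port=53 protocol=tcp
add action=drop chain=input dst-port=53 in-interface=pppoe-out1-ISP protocol=tcp
"""

# Matchers this sketch understands; a rule using anything else is skipped (assumption).
KNOWN = {"action", "chain", "protocol", "dst-port", "in-interface", "comment"}
TERMINAL = {"accept", "drop", "reject"}


def parse_rules(export_text):
    """Return the /ip firewall filter rules of an export as dicts, in order."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # join backslash-wrapped lines
    rules, in_filter = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            in_filter = line == "/ip firewall filter"
        elif in_filter and line.startswith("add "):
            tokens = shlex.split(line[4:])
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def port_matches(spec, port):
    """True if a dst-port value such as '53', '53,123' or '1-1024' covers port."""
    for part in spec.split(","):
        low, _, high = part.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def dns_verdict(rules, wan, proto):
    """Action of the first input rule that decides DNS (port 53) arriving on wan."""
    for rule in rules:
        if rule.get("chain") != "input" or set(rule) - KNOWN:
            continue
        if any(v.startswith("!") for k, v in rule.items() if k != "comment"):
            continue  # negated matchers are not evaluated here
        if rule.get("protocol", proto) != proto or rule.get("in-interface", wan) != wan:
            continue
        if "dst-port" in rule and not port_matches(rule["dst-port"], 53):
            continue
        action = rule.get("action", "accept")
        if action in TERMINAL:
            return action
    return "accept"  # nothing matched: the input chain accepts by default
```

On the constructed sample, `dns_verdict(parse_rules(SAMPLE_EXPORT), "pppoe-out1-ISP", "tcp")` returns `accept` because an earlier accept rule sits above the TCP drop rule, which is the ordering problem to look for after adding the rules.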
 