On 11/07/2014 07:24 AM, Butch Evans wrote:
> On 11/07/2014 01:55 AM, Chris Hudson wrote:
>> Anyone else having NTP-based DDoS attacks? Any suggestions on how to prevent them?
>
> Depends on exactly how you want to manage the attacks. If you have NO public NTP servers on your network, you can block all traffic destined for UDP port 123 entering on your WAN port in both the input and forward chains. If you DO have public NTP servers on your network, then you do the same, but put an exception to allow UDP port 123 destination IP of those servers BEFORE the above drop rules. If you don't have any public IP space on your network, then you simply do the above in the input rules only. Pretty straightforward.
I might add that blocking this on the input chain if you don't have public IPs behind your router is ONLY necessary IF you have a running NTP server on your router.

-- 
Butch Evans
702-537-0979
Network Support and Engineering
http://store.wispgear.net/
http://www.butchevans.com/

_______________________________________________
Mikrotik-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/mikrotik-users
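The filter rules described in the thread, written out as RouterOS commands. This is an added example, not code from the thread or from Butch; it assumes the WAN interface is named ether1 and uses 203.0.113.10 (documentation range) as a placeholder for one public NTP server behind the router.

```routeros
# Added example: block inbound NTP (UDP/123) on the WAN, with an exception
# for a public NTP server that must stay reachable. Assumptions: WAN
# interface is "ether1"; 203.0.113.10 is a placeholder for the public
# NTP server. RouterOS evaluates rules top to bottom, so the accept rule
# must sit ABOVE the drop rules. The "add" commands below append to the
# end of each chain; if earlier rules already accept UDP/123 from the WAN,
# move these up with "/ip firewall filter move".
/ip firewall filter

# Exception: allow NTP only to the server that is meant to be public.
add chain=forward in-interface=ether1 protocol=udp dst-port=123 \
    dst-address=203.0.113.10 action=accept \
    comment="allow NTP to public NTP server"

# Drop every other NTP packet arriving on the WAN that would be
# forwarded to hosts behind the router (only needed with public IPs
# behind the router).
add chain=forward in-interface=ether1 protocol=udp dst-port=123 \
    action=drop comment="drop inbound NTP (forward)"

# Drop NTP aimed at the router itself (only needed if the router runs
# an NTP server, as noted above).
add chain=input in-interface=ether1 protocol=udp dst-port=123 \
    action=drop comment="drop inbound NTP (input)"

# Check: packet/byte counters on the drop rules show whether the flood
# is actually being matched.
/ip firewall filter print stats where dst-port=123
```

Replies to NTP clients on the LAN arrive with source port 123 rather than destination port 123, so these rules do not match them unless a client binds source port 123 as classic ntpd does; a connection-state=established,related accept rule placed above these covers that case.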
