Yes, I do need to. I had to get with my upstream and they actually ended up having their upstreams get in on it to get the traffic blocked.
Chris

Sent via the Samsung Galaxy Note® 3, an AT&T 4G LTE smartphone

-------- Original message --------
From: Glenn Kelley <[email protected]>
Date: 11/08/2014 12:10 PM (GMT-06:00)
To: Mikrotik Users <[email protected]>
Subject: Re: [Mikrotik Users] NTP DDOS Attacks

Butch is not saying something here - so I will for him. BUY HIS FIREWALL SCRIPT well worth its small cost.

On Fri, Nov 7, 2014 at 9:05 AM, Butch Evans <[email protected]> wrote:

On 11/07/2014 07:24 AM, Butch Evans wrote:
> On 11/07/2014 01:55 AM, Chris Hudson wrote:
>> Anyone else having NTP based ddos attacks? Any suggestions on how to
>> prevent them?
>
> Depends on exactly how you want to manage the attacks. If you have NO
> public NTP servers on your network, you can block all traffic destined
> for UDP port 123 entering on your WAN port in both the input and forward
> chains. If you DO have public NTP servers on your network, then you do
> the same, but put an exception to allow UDP port 123 destination IP of
> those servers BEFORE the above drop rules. If you don't have any public
> IP space on your network, then you simply do the above in the input
> rules only. Pretty straightforward.

I might add that blocking this on the input chain if you don't have public IPs behind your router is ONLY necessary IF you have a running NTP server on your router.

--
Butch Evans
702-537-0979
Network Support and Engineering
http://store.wispgear.net/
http://www.butchevans.com/
_______________________________________________
Mikrotik-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/mikrotik-users
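The filtering Butch describes in the quoted message, written out as RouterOS firewall rules. This is an added example, not part of the original thread and not Butch's firewall script; the interface name `ether1-wan`, the address list `public-ntp` and the address 192.0.2.10 are assumed placeholders. The established/related accept rules go beyond the thread and assume connection tracking is enabled, so that replies to NTP queries sent from inside the network (which often arrive with destination port 123) are not caught by the drops.

```routeros
# Added example with placeholder names (not values from the thread):
#   ether1-wan = assumed WAN interface name
#   public-ntp = assumed address list of public NTP servers on your network
#   192.0.2.10 = documentation address standing in for such a server

/ip firewall address-list
# Only needed if you DO run public NTP servers behind the router.
add list=public-ntp address=192.0.2.10 comment="public NTP server (placeholder)"

/ip firewall filter
# Assumption beyond the thread: accept return traffic first, so answers to
# your own outbound NTP queries survive the drops below. If your RouterOS
# version rejects a comma-separated list, use one rule per state.
add chain=forward connection-state=established,related action=accept \
    comment="replies to traffic initiated from inside"
add chain=input connection-state=established,related action=accept \
    comment="replies to traffic initiated by the router"

# Exception BEFORE the drop rules: unsolicited NTP is allowed only to the
# listed public servers. Omit this rule if you have no public NTP servers.
add chain=forward in-interface=ether1-wan protocol=udp dst-port=123 \
    dst-address-list=public-ntp action=accept \
    comment="allow NTP to public NTP servers"

# Drop all other NTP arriving on the WAN port for hosts behind the router.
# Not needed if there is no public IP space behind the router.
add chain=forward in-interface=ether1-wan protocol=udp dst-port=123 \
    action=drop comment="drop unsolicited NTP to internal hosts"

# Drop NTP aimed at the router itself. Without public IPs behind the router
# this is the only drop required, and only if the router runs an NTP server.
add chain=input in-interface=ether1-wan protocol=udp dst-port=123 \
    action=drop comment="drop unsolicited NTP to the router"
```

Rules are evaluated top to bottom and `add` appends to the end of the chain, so check with `/ip firewall filter print` that no earlier accept rule already matches this traffic.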
