Hi Chris > This particular device does not have nap server enabled. It's my core > router facing my upstream. I have a filter rule to drop port 123 but it > isn't curbing the effects. My whole pipe of course is being eaten up. I > have currently disabled that interface and am running on my secondary > connection. It did this last night from 1 am to 3 am my time and started > right at 1 am again today. Also for about 10 to 15 minutes right around 5 > pm this evening.
So you are the target of a NTP Amplificator DDOS Attack? I'm sorry, there probably is not much you can do against the incoming traffic volume which will saturate your upstream. You would need to contact your upstream to have him try to filter out the traffic or the target ip of that attack. Mit freundlichen GrĂ¼ssen Benoit Panizzon -- I m p r o W a r e A G - ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 07 CH-4133 Pratteln Fax +41 61 826 93 02 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ Mikrotik mailing list [email protected] http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
