Wouldn't setting RP filter to strict fix the spoofing issue? If not, why not?
/ip settings set rp-filter=strict On Fri, Oct 21, 2016 at 12:22 PM, Mike Hammett <wispawirel...@ics-il.net> wrote: > Sorry, src-address-list, not dst-address-list. > > > > ----- > Mike Hammett > > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"Mike Hammett" <wispawirel...@ics-il.net> > *To: *"WISPA General List" <wireless@wispa.org> > *Sent: *Friday, October 21, 2016 12:17:39 PM > *Subject: *Re: [WISPA] Another Large DDoS, Stop Being a Dick > > > /ip firewall address-list > add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="My IPs" > add list="Public-IPs" address=x.x.x.x/yy disabled=no comment="Downstream > customer X IPs" > > /ip firewall filter > add action=drop chain=forward comment="Drop spoofed traffic" disabled=no > out-interface="To-Upstream" dst-address-list=!"Public-IPs" > > That was largely composed off of the top of my head and typed on my phone, > so it may not be completely accurate. > > > You should also do it on customer-facing ports not allowing anything to > come in, but that would be best approached once Mikrotik and the per > interface setting for unicast reverse path filtering. You would then said > customer facing interfaces to strict and all other interfaces to loose. > They accepted the feature request, just haven't implemented it yet. > > > > ----- > Mike Hammett > > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > *From: *"Mike Hammett" <wispawirel...@ics-il.net> > *To: *"WISPA General List" <wireless@wispa.org> > *Sent: *Friday, October 21, 2016 11:23:24 AM > *Subject: *[WISPA] Another Large DDoS, Stop Being a Dick > > There's another large DDoS going on now. Go to this page to see if you can > be used for UDP amplification (or other spoofing) attacks: > > https://www.caida.org/projects/spoofer/ > > Go to these pages for more longer term bad behavior monitoring: > > https://www.shadowserver.org/wiki/ > https://radar.qrator.net/ > > > Maybe we need to start a database of ASNs WISPs are using and start naming > and shaming them when they have bad actors on their network. This is > serious, people. Take it seriously. > > > > ----- > Mike Hammett > > Intelligent Computing Solutions <http://www.ics-il.com/> > <https://www.facebook.com/ICSIL> > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb> > <https://www.linkedin.com/company/intelligent-computing-solutions> > <https://twitter.com/ICSIL> > > Midwest Internet Exchange <http://www.midwest-ix.com/> > <https://www.facebook.com/mdwestix> > <https://www.linkedin.com/company/midwest-internet-exchange> > <https://twitter.com/mdwestix> > > The Brothers WISP <http://www.thebrotherswisp.com/> > <https://www.facebook.com/thebrotherswisp> > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > > _______________________________________________ > Wireless mailing list > Wireless@wispa.org > http://lists.wispa.org/mailman/listinfo/wireless > > > _______________________________________________ > Wireless mailing list > Wireless@wispa.org > http://lists.wispa.org/mailman/listinfo/wireless > > > _______________________________________________ > Wireless mailing list > Wireless@wispa.org > http://lists.wispa.org/mailman/listinfo/wireless > >
_______________________________________________ Wireless mailing list Wireless@wispa.org http://lists.wispa.org/mailman/listinfo/wireless
