On 11/07/2014 01:55 AM, Chris Hudson wrote:
> Anyone else having NTP based ddos attacks? Any suggestions on how to
> prevent them?

Depends on exactly how you want to manage the attacks.

If you have NO public NTP servers on your network, you can block all traffic destined for UDP port 123 entering on your WAN port in both the input and forward chains.

If you DO have public NTP servers on your network, then you do the same, but put an exception to allow UDP port 123 destination IP of those servers BEFORE the above drop rules.

If you don't have any public IP space on your network, then you simply do the above in the input rules only. Pretty straightforward.

-- 
Butch Evans
702-537-0979
Network Support and Engineering
http://store.wispgear.net/
http://www.butchevans.com/
_______________________________________________
Mikrotik-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/mikrotik-users
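
The rule order described in the reply above, written out as RouterOS filter rules. This is an added example, not part of the original post. The interface name `ether1-wan`, the address-list name `public-ntp`, and the address 192.0.2.10 are constructed placeholders, and the established/related accept rules are an assumption added so that replies to your own outbound NTP queries are not caught by the drops.

```routeros
# Added example; all names and addresses below are placeholders.
# "add" appends to the end of the chain, and the first matching rule wins,
# so these must sit above any broader accept rule already in the chain.

/ip firewall address-list
# Public NTP servers you actually host (omit if you host none).
add list=public-ntp address=192.0.2.10 comment="constructed example address"

/ip firewall filter
# Assumption, not in the reply: let return traffic for connections that
# were opened from inside through first (NTP clients often use source
# port 123, so their replies arrive with dst-port 123 as well).
add chain=input action=accept connection-state=established,related \
    comment="replies to the router's own traffic"
add chain=forward action=accept connection-state=established,related \
    comment="replies to traffic from hosts behind the router"

# Exception for hosted public NTP servers, placed BEFORE the drop rules.
add chain=forward action=accept protocol=udp dst-port=123 \
    in-interface=ether1-wan dst-address-list=public-ntp \
    comment="allow NTP to public servers"

# Drop everything else destined for UDP 123 arriving on the WAN port.
add chain=input action=drop protocol=udp dst-port=123 \
    in-interface=ether1-wan comment="drop NTP aimed at the router"
add chain=forward action=drop protocol=udp dst-port=123 \
    in-interface=ether1-wan comment="drop NTP aimed at hosts behind the router"
```

With no public IP space behind the router, only the two input-chain rules apply. Check the resulting order with `/ip firewall filter print` before relying on it.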
