[Mikrotik] DOS attack question

David Hulsebus contact at portative.net
Tue Dec 4 10:35:09 CST 2012

We've had someone sending network attacks on us over the last few days. 
We are blocking 15K + IP addresses each 24 hours and and have an address 
list that has grown to more than 45K since Sunday morning. I do see my 
CPU usage hasn't really grown beyond 10% - it usually runs 6-8%. Which 
brings me to the question. At that scale are address list look-ups more 
efficient than multiple rules? Or is there a difference ? I am looking 
at increasing the blocked time from 3 days to 14.

Thank you, Dave

David Hulsebus
Portative Technologies, LLC
1995 Allison Lane, Suite 100
Corydon, IN 47112

More information about the Mikrotik mailing list