Fighting DDOS with Mikrotik
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
www.glcnetworks.com 1
Agenda
● Introduction
● DDOS attack
● Mitigation
● Demo
● Q&A
What is GLC?
About GLC webinar?
Trainer Introduction
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your Mikrotik experience?
● Your expectation from this course?
What is Mikrotik?
● Name of a company
● A brand
● A program (e.g. mikrotik academy)
● Headquarters: Riga, Latvia
What are Mikrotik products?
● RouterOS
○ The OS. Specialized for networking
○ Website: www.mikrotik.com/download
● RouterBoard
○ The hardware
○ RouterOS installed
○ Website: www.routerboard.com
What can RouterOS do?
● Go to www.mikrotik.com
○ Download: what_is_routeros.pdf
○ Download: product catalog
○ Download: newsletter
What are Mikrotik training & certifications?
DOS (Denial Of Service)
What is DOS (Denial Of Service)?
How does a DOS happen?
Why do people do DOS?
● Business competition
● Show off
● For fun
● Attract attention
● Hiding other facts
● Diversion of public attention
● Etc… you name it
What is DDOS (Distributed DOS)?
How do I know it's a DDOS?
Mitigation
DDOS mitigation
● Passive
○ Set up intrusion detection in front of the servers to detect an attack
○ Set up a firewall in front of the servers that can suppress incoming traffic
○ Apply a blackhole on the router
● Active
○ Coordinate with CERT (Cyber Emergency Response Team)
○ Inform the origin ISP that one of its IP addresses is carrying out an attack
What can Mikrotik do?
Mikrotik for Intrusion detection (mangle)
● Connection limit
● Limit (match when limit is not exceeded)
● Destination limit (match when given rate is exceeded)
● PSD (port scan detection)
● Use the address list feature to list the IP address of the attacker
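Two of the matchers above (connection limit and PSD) feeding address lists from the mangle table, as an added RouterOS example that is not part of the original slides. The server address 192.0.2.10, the thresholds, the timeouts and the list names are assumptions chosen for illustration.

```routeros
# Added example, not from the slides. Assumed values: protected server
# 192.0.2.10, thresholds, timeouts and address-list names.
/ip firewall mangle

# Connection limit: when one source address (/32) holds more than 100
# concurrent TCP connections to the server, record that source for 10 minutes.
add chain=prerouting protocol=tcp dst-address=192.0.2.10 \
    connection-limit=100,32 \
    action=add-src-to-address-list address-list=ddos-suspects \
    address-list-timeout=10m comment="detect: too many connections per source"

# PSD: weight threshold 21 within 3s; low ports (<1024) weigh 3, high ports 1.
# A source that trips the threshold is recorded for 1 hour.
add chain=prerouting protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=port-scanners \
    address-list-timeout=1h comment="detect: port scan"

# Review what the detection rules have collected.
/ip firewall address-list print where list=ddos-suspects
/ip firewall address-list print where list=port-scanners
```

These rules only record sources; a filter rule matching `src-address-list` is what would act on the lists.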
Mikrotik for firewall
Mikrotik for blackhole
QA
Interested?
Just come to our training...
Special price for webinar attendees…
http://www.glcnetworks.com/main/schedule
End of slides