Mitigate Mikrotik DNS Amplification Attack

@zulqrn

Hi there, I would like to assist you mitigation the DNS flood attacks on your Mikrotik Router. Let me know a good time to talk. Thanks!

@ahmadpiran

Hi, I can immediately assist with the DNS amplification attack affecting your "/22 network" and the Mikrotik 2116. To mitigate this without exhausting the CCR2116’s CPU, I will implement Raw Firewall rules (Prerouting) to drop malicious traffic before it hits Connection Tracking. Two Quick Questions: Is the router intended to act as a public recursive resolver, or can we strictly block all inbound UDP/53 requests originating from outside your /22 subnet? Do you have allow-remote-requests enabled under /ip dns, and are you seeing the high traffic on the input chain (targeting the router) or the forward chain? I am available to start the audit via WinBox immediately. Best regards, Ahmad

@efanntyo

Hello Ismet U. Hope you are doing well! This is Efan , I checked your project detail carefully. I am pretty much experienced with Linux, DNS, Network Security, Computer Security, Network Engineering, VPN and Network Monitoring for over 8 years, I can update you shortly. Cheers Efan

@abhisaini0188

Hello, Thank you so much for posting this opportunity. It sounds like a great fit, and I’d love to be part of it! I’ve worked on similar projects before, and I’m confident I can bring real value to your project. I’m passionate about what I do and always aim to deliver work that’s not only high-quality but also makes things easier and smoother for my clients. Feel free to take a quick look at my profile to see some of the work I’ve done in the past. If it feels like a good match, I’d be happy to chat further about your project and how I can help bring it to life. I’m available to get started right away and will give this project my full attention from day one. Let’s connect and see how we can make this a success together! Looking forward to hearing from you soon. With Regards! Abhishek Saini

@AlejoLagos

Hello, I can help you identify and mitigate the DNS amplification attack affecting your /22 network without disrupting legitimate DNS traffic. I’m a Telecommunications Technician with strong hands-on experience managing ISP-scale networks on MikroTik RouterOS, including firewall auditing, traffic analysis, and mitigation of volumetric and protocol-based attacks. I’m also currently studying Cybersecurity, with a practical focus on network-level defense. For this case, my approach would be: – Remote audit of the current RouterOS configuration (firewall, NAT, raw, mangle, DNS settings) – Identification of malicious DNS patterns (reflection/amplification behavior, abnormal query rates, open resolver exposure) – Implementation of precise filter/raw rules and rate-limiting to stop attack traffic while keeping normal DNS resolution fast – Validation under load and a clear rollback plan – Delivery of a documented rule set or .rsc script for future use I have worked with MikroTik platforms including RB, CCR, and ISP edge routers, so the concepts fully translate to the 2116. I can start immediately once access is provided (WinBox or SSH). Please let me know your RouterOS version, whether the router is acting as a DNS resolver, and if any upstream mitigation is already in place. Best regards.

@Arismans22

Hi, I can analyze your network behind MikroTik, trace DNS amplification sources, and implement targeted filters to block malicious traffic while keeping legitimate DNS traffic uninterrupted. I’m happy to discuss step-by-step solutions to restore subnet stability efficiently. Regards, arisman

@emilesd617

Hi, I am a network and security engineer with 8 years of rich experience in infrastructure and system administration, with a strong background in Mikrotik RouterOS and network security. I am familiar with Linux, DNS, network engineering, network monitoring, computer security, VPNs, and mitigating volumetric attacks such as DNS amplification. For this project, I can perform a fast remote audit of your RouterOS configuration to identify the amplification vectors, then implement targeted firewall filter, raw, and rate-limit rules to block or throttle abusive DNS traffic without impacting legitimate queries. I will provide a clean .rsc script, explain each rule, and include a rollback and validation plan so you can safely test under load and confirm normal DNS performance is preserved. I'm an individual freelancer and can work on any time zone you want. Please contact me with the best time for you to have a quick chat. Looking forward to discussing more details. Thanks. Emile.

@iamthepakSharma

I understand you’re dealing with a DNS amplification attack impacting a /22 network behind a MikroTik CCR2116, where the primary symptom is subnet-wide latency and slowdowns, and that basic rules are no longer sufficient. The priority is to identify and suppress malicious traffic precisely, without disrupting legitimate DNS resolution. I have hands-on experience mitigating DNS amplification and reflection attacks on RouterOS, including work on RB750, RB3011, CCR1009, and CCR-class routers, where the same principles apply. I’m comfortable working directly via WinBox or SSH and making controlled, auditable changes. I can start immediately once access is provided. Let me know your preferred timeline and whether you’ll grant WinBox or SSH access, and I’ll take it from there. Best Regards, Deepak

@novatech2210

Hi Ismet, **Guarantee:** Just finished a similar project to mitigate a DNS amplification attack on a Mikrotik device, resulting in a 99% reduction in malicious traffic. I'm confident that my team is the perfect fit for this project. We have extensive experience in RouterOS configuration and have successfully implemented custom filter, mangle, and rate-limit rules to block malicious traffic while keeping normal DNS queries fast. With multiple 5-star reviews on similar projects, you can trust that our expertise will deliver the desired results. Our team is dedicated to providing a professional and seamless experience throughout the project. I understand that you're looking for a quick remote audit of the current RouterOS configuration, precise filter and rate-limit rules to cut the attack traffic, and a brief rollback plan for validation testing. Our team can provide all of these services, and we'll work closely with you to ensure the fix is implemented correctly. We'll need WinBox or SSH access to the Mikrotik 2116 to complete the audit and implement the necessary rules. We'll also provide a detailed timeline and any additional access details needed. I'd love to chat about your project and discuss how we can help you mitigate the DNS amplification attack. The worst that can happen is you walk away with a free consultation. Best regards, Chris | Lead Developer | Novatech

@anilptk

With over 8 years of experience in the IT industry, I am more than capable to mitigate the MikroTik DNS amplification attack that your network is currently facing. Although my profile may have highlighted my expertise with mobile applications, it fails to communicate the depth of my knowledge in networking and system administration. Over the years, I've encountered various networking challenges and have always managed to find effective solutions. One of the key aspects of this project is being able to carefully examine your RouterOS configuration which I'm well versed with using WinBox or SSH access. I'm confident in my ability to trace and filter the malicious traffic without disrupting legitimate DNS queries while maintaining an optimal network speed. Apart from being solution-oriented, I comprehend the significance of minimising downtime. As such, thorough testing and a rollback plan are essential strategies for ensuring a smooth transition once-as indeed-I solve this matter.

@keaganhaynes14

I am a perfect fit for your project. I understand you need a clean, professional, and user-friendly solution to trace and block malicious DNS amplification traffic on your MikroTik 2116, ensuring seamless and automated DNS resolution for your /22 network. While I am new to Freelancer, I have extensive real-world experience and have completed multiple projects off the platform. I specialize in integrated RouterOS configurations, including precise filter, mangle, and rate-limit rules, and can provide a clear rollback plan with validation tests to confirm performance under load. I would love to chat more about your project! Regards, keagan

@ahmadm857

Hello, I’m a senior ISP Network Engineer and MikroTik specialist with hands-on experience protecting public /21–/22 subnets from DNS amplification and UDP reflection attacks on MikroTik CCR routers (including CCR2116). I will quickly audit your RouterOS config (WinBox/SSH), trace the malicious DNS traffic, and apply RAW early-drop rules, precise UDP/53 rate-limits, and dynamic address-lists to stop the attack without impacting legitimate DNS resolution. You’ll receive a clean .rsc mitigation script, plus a simple rollback and validation checklist. I can start immediately once access is provided. — Ahmad