I operate a wireless ISP (WLAN) and have a fiber-optic backbone that provides service to a couple hundred subscribers. A few months ago, my provider (Surewest) called to tell me about a DOS attack that was coming through on my ip address. I use a Linksys RV016 router, which handled the traffic on the network very well prior to the DOS attack. Now, the DOS attack is overwhelming the router and causing a degredation in performance on my WLAN.
I know the attack is coming from the outside and the Linksys hardware firewall is doing okay, but i want to keep the attack from even getting to the router. I was looking at getting a Sonic Firewall, but my provider said that may stop some but it still may not be able to completely prevent the attack from overwhelming the router.
Is there a solution that anyone can recommend to prevent DOS attacks from overwhelming the router?
FYI- I do have public ip addresses and i use NAT. Ive tried to configure the firewall to "deny" certain port access and leaving just the basic ones open, like 80, 8080, etc. HOwever, it didnt seem to stop the attack. For example, in the log: "connection refused - policy violation TCP 188.8.131.52:50554->184.108.40.206:51413 on ixp1" and these happen every second, from some different ip -> to the same 220.127.116.11: something.
Any insight would be greatly appreciated.