Vulnerability mitigation in an ISP core network: A case study

Keywords: Mikrotik, RouterOS, Attack, Mitigation, ISP


Cybersecurity incidents in ISP (Internet Service Provider) infrastructure have grown significantly and it is necessary to identify vulnerabilities that need immediate protection. In this environment, the firewall can filter data packets, analyzing the headers and deciding about the routing of the packet based on the established rules. This device is very essential in an ISP network because it mitigates the vulnerabilities coming from the network, maintaining a higher degree of computer security for your internal network, thus guaranteeing the availability, integrity, and confidentiality of the information. In the case study, a Mikrotik brand infrastructure was selected with a proprietary operating system called RouterOS, which will function as a core router, where the security rules will be applied to your firewall for each type of attack that will be generated against the router. , whether they are internal or external attacks on the network, avoiding causing serious security failures such as being the victim of a DoS (Denial of Service) attack, brute force attacks, etc. As a result, a 50% decrease in CPU consumption was obtained in each attack generated, thus achieving the proper functioning of the network infrastructure and guaranteeing stability and availability of the communications network.


Download data is not yet available.


Metrics Loading ...


Ahmad, I., Namal, S., Ylianttila, M., Gurtov, A. J. I. C. S., & Tutorials. (2015). Security in software defined networks: A survey. 17(4), 2317-2346.

Aldaoud, M., Al-Abri, D., Al Maashri, A., Kausar, F. J. J. o. C. V., & Techniques, H. (2021). DHCP attacking tools: An analysis. 17(2), 119-129.

Arhami, M., & Hidayat, H. T. (2019). Analysis and implementation of the Port Knocking method using Firewall-based Mikrotik Rout-erOS. Paper presented at the IOP Conference Series: Materials Science and Engineering.

Bartholemy, A., & Chen, W. (2015). An examination of distributed denial of service attacks. Paper presented at the 2015 IEEE In-ternational Conference on Electro/Information Technology (EIT).

Braem, B., Bergs, J., Avonts, J., & Blondia, C. (2014). Mapping a community network. Paper presented at the 2014 Global Infor-mation Infrastructure and Networking Symposium (GIIS).

Chauhan, A. S. (2018). Practical Network Scanning: Capture network vulnerabilities using standard tools such as Nmap and Nessus: Packt Publishing Ltd.

Domínguez, H. M., Maya, E. A., Peluffo, D. H., & Crisanto, C. M. J. M. (2016). Aplicación de técnicas de fuerza bruta con dicciona-rio de datos, para vulnerar servicios con métodos de autenti-cación simple “Contraseñas”, pruebas de concepto con soft-ware libre y su remediación. 7, 87-95.

EcuaCERT. (2021). EcuaCERT. Retrieved from

Grover, V. (2020). An Efficient Brute Force Attack Handling Tech-niques for Server Virtualization. Paper presented at the Pro-ceedings of the International Conference on Innovative Com-puting & Communications (ICICC).

Gunnam, G. R., & Kumar, S. J. J. o. I. S. (2017). Do ICMP Security Attacks Have Same Impact on Servers? , 8(3), 274-283.

Kadafi, M., & Khusnawi, K. J. C. I. T. J. (2015). Analisis Rogue DHCP Packets Menggunakan Wireshark Network Protocol Analyzer. 2(2), 165-180.

Kali. (2019). Yersinia tools. Retrieved from

Kaspersky. (2020). Kaspersky registra 45 ataques por segundo en América Latina. Retrieved from

Linux, K. (2018). hping3. Retrieved from

López, R. A. (2017). Sistemas de gestión de la seguridad informáti-ca. In: Bogotá: AREANDINA. Fundación Universitaria del Área Andina.

Mukhtar, H., Salah, K., Iraqi, Y. J. C., & Engineering, E. (2012). Miti-gation of DHCP starvation attack. 38(5), 1115-1128.

Shaikh, A., Pardeshi, B., & Dalvi, F. (2020). Overcoming Threats and Vulnerabilities in DNS. Paper presented at the Proceedings of the 3rd International Conference on Advances in Science & Technology (ICAST).

Singh, A., Juneja, D. J. I. J. o. E. S., & Technology. (2010). Agent based preventive measure for UDP flood attack in DDoS at-tacks. 2(8), 3405-3411.

Sukaridhoto, S., & ST Ph, D. J. S. P. (2014). Buku Jaringan Komputer I. 2014, 11-12.

Wu, C.-H. J., & Irwin, J. D. (2016). Introduction to computer net-works and cybersecurity: CRC Press.

Abstract 54
PDF (Español (España)) 31
How to Cite
Palate, B. M., & Avila-Pesantez, D. (2021). Vulnerability mitigation in an ISP core network: A case study. Ecuadorian Science Journal, 5(2), 68-82.
Research Paper
Share |