DoS Protection not working

2019-03-24 07_39_10-Window.png

-Mikrotik RB951
-Cisco Switch 3750
-CnPilot e410
-Mikrotik as dhcp server for vlan10 and vlan 20
-my PC1 running Kali linux vm inside vmware workstation
-prevent all DoS attack from wireless users
-enable all Network/DoS Protection in AP GUI
-in Mikrotik run this to monitor cpu spike
> system resource monitor
-in Kali vm run this to attack Mikrotik
  1. ip spoof
    hping3 -c 10000 -d 120 -S -w 64 --flood --rand-source
    RESULT: cpu spike
  2. smurf attack
    # hping3 -1 --flood --spoof
    RESULT: cpu spike
  3. ip spoof log
  4. icmp fragment
# hping3 -1 -f -x
RESULT: mikrotik already immune to this attack by default
-what I miss in my steps
-how to simulate "ip spoof log" attack

You are doing icmp flood, as i can see in manual there are 4 options in dos protection, none of them is for icmp flood so all is good… said
Smurf is a DoS attacking method. In this flood attack, it floods the victim with the ICMP echo packets instead of TCP SYN packets. Also, it is a spoofed broadcast ping request using the victim IP address as the Source IP.
Most of the modern devices can deter these kind of attacks and SMURF is rarely a threat today.
# hping3 -1 --flood --spoof <target> <broadcast_address>

so I modify my command a bit

# hping3 -1 --flood --spoof

# hping3 -1 --flood -a


-cpu spike between 22%-48& after attack

before attack is only 9%