Cyber Security Solution: UBSI Lecturer Implements DNS Attack Mitigation on Mikrotik

Two IT experts, Ahmad Fauzi from Universitas Bina Sarana Informatika (UBSI) and Andry Maulana from Universitas Nusa Mandiri, have designed a network defence mechanism to counter cyber attacks based on the Domain Name System (DNS). The research, published in October 2025, focuses on implementing DNS security on Mikrotik routers to withstand User Datagram Protocol (UDP) attacks. This experimental study addresses the security challenges faced by small to medium-scale networks, which are often easy targets for cybercriminals. Testing Three Scenarios on Mikrotik Router The research employed an experimental approach, testing the performance of the Mikrotik RB750 router in three scenarios: normal conditions, under attack without protection, and after activating the security system. The test results showed that without protection, UDP attacks could increase the router’s CPU load to 100%. The DNS service consumed the largest resources, reaching 47.5%. This surge in load led to high latency and potential disruption of internet service availability for users. Ahmad Fauzi explained that this research is part of UBSI’s commitment as an Excellently Accredited Campus to deliver research-based solutions. The research findings indicate that using firewall raw rules configuration on the prerouting chain is highly effective. After implementing the drop rule for UDP traffic on port 53, the previously critical CPU load dropped dramatically to a normal level of around 6%. “This is a practical and economical solution for network administrators,” said Fauzi, in a statement quoted on Monday (30/3/2026). Prerouting Firewall Becomes Key to Effectiveness According to him, the advantage of this method lies in placing the security rules in the prerouting chain, allowing harmful packets to be discarded immediately before entering other system processes. This approach not only reduces the device’s workload but also significantly improves throughput stability and DNS service availability. These findings are increasingly relevant given that UDP-based attacks account for more than 16% of global Distributed Denial of Service (DDoS) incidents. Thus, mitigation at the DNS layer becomes a strategic step in maintaining network infrastructure stability. Strengthening National Cyber Security Research This scientific contribution reinforces UBSI’s position as an institution actively involved in developing national cyber security research. Through applicable innovations based on real field needs, UBSI continues to encourage lecturers and students to produce technological solutions that directly impact society. As a Creative Digital Campus with Excellent Accreditation, UBSI is committed to supporting the advancement of information technology infrastructure in Indonesia through research that adapts to the evolving dynamics of cyber threats.