62.149.12.108

rini · January 31, 2012, 4:10pm

hi there. what is about this ip 62.149.12.108 ??

it really takes about 3-4 Mbps upload of internet??? in the pic it takes only 1 Mbps.

i dont have a range of ip address 192.168.1.1/24. in the torch i see that 192.168.1.14 and 192.168.1.18 is taking all that upload but i dont use that ip.

anyone can explain ? how can i stop this ?

rini · January 31, 2012, 4:26pm

anyone???

troy · January 31, 2012, 5:17pm

You need to provide quite a bit more information, start with this:

/interface print
/ip address print
/ip route print

The arp table might also help:

/ip arp print

rini · January 31, 2012, 5:38pm

/interface print

0 R ether1 5GHz ether 1500 1526 1526
1 R wlan1 wlan 1500 2290

/ip address print

0 170.100.100.1/24 170.100.100.0 ether1 5GHz
1 171.100.100.5/24 171.100.100.0 wlan

/ip route print

DST-ADDRESS PREF-SRC GATEWAY DISTANCE

0 A S 0.0.0.0/0 171.100.100.1 1

1 170.100.100.1/24 170.100.100.0 ether1 5GHz

/ip arp
here are only ip's with range 170.100.100.1/24

troy · January 31, 2012, 5:57pm

Do you see those same IP addresses if you run torch on your wireless interface?

Try putting an address on ether1, such as 192.168.1.250/24, and see if you can ping those addresses or at least get their associated MAC addresses.

rini · January 31, 2012, 6:58pm

yes when i torch i see a lot of the same ip address

3 days and i resolve it.

it was a virus.

a client installed a router wireless d link (gateway 192.168.1.1) to connect a laptop via wifi and a personal computer via lan cable. 192.168.1.14 for lan and 192.168.1.18 for wifi.

this client called me every day becouse he thinks that the internet line is down. i went there and test the internet and its ok
the virus worked with time. at 7 pm to 11 pm all my up link full capacity. i try to queue it but nothing. i try to drop that ip nothing. anyway its only a computer virus.

here is a pic i make to the client antena
wireless is about 1500K upload
and the lan want to take 19.8 Mbps

troy · January 31, 2012, 10:17pm

I’m glad you found the source. However, I gotta ask… how is this customer routing his internal addresses over your network? He should be doing his own NAT.

On your NAT router, add a filter to only allow those subnets that you’ve set up for customer access. On my network, I have hundreds of subnets in play, but only 2 can get out through NAT. In this set up, if a customer inadvertently bridges his lan to my network, he won’t be able to get out. Every customer has to use the IP I give them (static or dynamic).

For controlling bandwidth, do this where the customer has his L3 connection to your network (wlan, vlan, pppoe, etc…), the tools are there, you just have to use them.

Also consider setting up a queue to dynamically balance your bandwidth. A search on bandwidth sharing should get you started. It will help prevent a few users from dragging your whole network down.