Hey Guys!
I have a mikrotik CCR1009-8G-1S-1S+ deployed at workplace, whose memory is increasing steadily until only 40-50mb free is left after which the router reboots.
The same process is happening again and again and repeats roughly about two times daily.
I have attached a screen.
Please tell if any other file is to be provided for consideration.
Thanks
You will have to provide more details - ROS version, post your config, etc. Myself and plenty others use a CCR1009 with no memory leak issues, so this must be a version/config issue.
Latest version 6.35.2 is installed, what other config do you require?
I have dude installed and SNMP traffic flow, etc enabled.
Do I need to attach supout.rif file ?
@biomesh
Find attached supout.rif file.
Thanks
It was not attached in last post.
support.txt (786 KB)
If you are getting supout.rif’s, you should email that to mikrotik support (support[at]mikrotik.com
- since this is a user based support forum, it does not help us.
You can post your device’s config export (/export) so we can see what could be the issue.
I would start by emailing support directly though. There could be an issue that they are currently working on that is or was fixed with a RC version.
Here is the /export output :
/interface ethernet
set [ find default-name=ether1 ] name=ether1<NEXTRA/45Mb>
set [ find default-name=ether2 ] name=ether2<AIRTELBROBAND/16Mb>
set [ find default-name=ether5 ] name=ether5
/interface pppoe-client
add add-default-route=yes default-route-distance=3 interface=
ether2<AIRTELBROBAND/16Mb******************************
/interface vrrp
add interface=ether5 name=vrrp1 priority=250
/ip firewall layer7-protocol
add name=ios_updates regexp=“^.+(mesu.apple|appldnld.apple).$"
add name=torrentsites regexp="^.(get|GET).+(torrent|\r
\nthepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|\r
\ntorrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|\r
\nentertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|\r
\nflixflux|seedpeer|fenopy|gpirate|commonbits).$"
add name=windows_updates regexp="^.+(windowsupdate|update.microsoft|download.win
dowsupdate|wustat.windows|ntservicepack.microsoft|stats.microsoft).$”
/ip pool
add name=91-lan-pool ranges=192.168.2.1-192.168.5.254
/ip dhcp-server
add address-pool=91-lan-pool disabled=no interface=ether5 name=91-lan-dhcp
/queue type
add kind=pcq name=download-2Mb pcq-classifier=dst-address
pcq-dst-address6-mask=64 pcq-rate=2097152 pcq-src-address6-mask=64
add kind=pcq name=upload-2Mb pcq-classifier=src-address pcq-dst-address6-mask=
64 pcq-rate=2097152 pcq-src-address6-mask=64
/queue simple
add comment=Vibhas disabled=yes name=queue3 queue=default/default target=
192.168.2.20/32,192.168.5.215/32 total-queue=default
add name=queue1 packet-marks=“” queue=default/default target=
192.168.5.215/32,192.168.1.9/32,192.168.5.190/32
add comment=“Limit every Users at 2Mb/4Mb using PCQ.” name=2Mb/4Mb-Limit queue=
upload-2Mb/download-2Mb target=192.168.0.0/21
/queue tree
add max-limit=45M name=in parent=global queue=default
add max-limit=45M name=out parent=global queue=default
add limit-at=10M max-limit=45M name=voip-in packet-mark=voip-in parent=in
priority=1 queue=default
add limit-at=10M max-limit=45M name=voip-out packet-mark=voip-out parent=out
priority=1 queue=default
/snmp community
set [ find default=yes ] addresses=192.168.1.9/32,0.0.0.0/0,192.168.3.64/32
/dude
set enabled=yes
/interface pptp-server server
set authentication=pap,chap,mschap1,mschap2 enabled=yes
/ip address
add address=192.168.0.1 interface=vrrp1 network=192.168.0.1
add address=192.168.0.11/21 interface=ether5 network=192.168.0.0
add address=103.245.118.66/29 interface=ether1<NEXTRA/45Mb> network=
103.245.118.64
add address=103.245.118.68 interface=ether1<NEXTRA/45Mb> network=103.245.118.68
/ip cloud
set ddns-enabled=yes
/ip dhcp-server lease
add address=192.168.5.215 mac-address=00:1A:4D:F6:C7:FC server=91-lan-dhcp
/ip dhcp-server network
add address=192.168.0.0/21 dns-server=
192.168.0.1,103.14.124.5,103.14.124.6,8.8.8.8 gateway=192.168.0.1 netmask=
21
/ip dns
set allow-remote-requests=yes cache-max-ttl=3d cache-size=8196KiB
max-udp-packet-size=8196 servers=
192.168.0.1,103.14.124.5,103.14.124.6,8.8.8.8
/ip firewall address-list
add address=103.245.118.64/29 list=external-nets
add address=192.168.0.0/21 list=internal-nets
/ip firewall filter
add action=drop chain=forward comment=windows_blocked layer7-protocol=
windows_updates
add action=drop chain=forward comment=android-update-block port=5228 protocol=
udp
add action=drop chain=forward comment=android-update-block port=5228 protocol=
tcp
add action=drop chain=forward comment=ios_blocked layer7-protocol=ios_updates
add action=drop chain=forward comment=V_p2p_Drop p2p=all-p2p src-address=
192.168.0.0/21
add action=drop chain=forward comment=V_torrentsites layer7-protocol=
torrentsites src-address=192.168.0.0/21
add action=drop chain=forward comment=V_dropDNS dst-port=53 layer7-protocol=
torrentsites protocol=udp src-address=192.168.0.0/21
add action=drop chain=forward comment=V_keyword_drop content=torrent
src-address=192.168.0.0/21
add action=drop chain=forward comment=V_trackers_drop content=tracker disabled=
yes src-address=192.168.0.0/21
add action=drop chain=forward comment=V_get_peers_drop content=getpeers
src-address=192.168.0.0/21
add action=drop chain=forward comment=V_info_hash_drop content=info_hash
src-address=192.168.0.0/21
add action=drop chain=forward comment=V_announce_peers_drop content=
announce_peers src-address=192.168.0.0/21
add action=drop chain=forward comment=“All p2p Traffic Block” p2p=all-p2p
add action=drop chain=forward comment=“All p2p Traffic Block” port=6881-6999
protocol=tcp
add action=drop chain=forward comment=“All p2p Traffic Block” port=6881-6999
protocol=udp
add action=drop chain=forward comment=“Torrent Block” content=.torrent
add action=passthrough chain=unused-hs-chain comment=“place hotspot rules here”
add action=drop chain=virus comment=“Drop 53 DoS attack” dst-port=53 protocol=
tcp
add action=drop chain=virus comment=“Drop 53 DoS attack” dst-port=53 protocol=
udp
add action=add-src-to-address-list address-list=spammer address-list-timeout=2d
chain=virus comment=“Drop 80 DoS attack” connection-limit=40,32 dst-port=80
limit=20,5:packet protocol=tcp src-address-list=!smtpOK
add action=drop chain=virus comment=“Drop Spammer” dst-port=25 protocol=tcp
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d
chain=virus comment=“add to spammer list” connection-limit=30,32 dst-port=
25 limit=10,5:packet protocol=tcp src-address-list=!smtpOK
add action=drop chain=virus comment=“SMTP SPAM stopper!” dst-port=25 protocol=
tcp src-address-list=!smtpOK
add action=drop chain=virus comment=“Drop 80 DoS attack” dst-port=80 protocol=
tcp
add action=add-src-to-address-list address-list=blocked-addr
address-list-timeout=1d chain=input connection-limit=100,32 protocol=tcp
add action=jump chain=forward connection-state=new jump-target=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=1d
chain=detect-ddos
add action=add-src-to-address-list address-list=ddoser address-list-timeout=
1d10m chain=detect-ddos
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“Port scanners to list "
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“NMAP FIN Stealth scan”
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“SYN/FIN scan” protocol=tcp
tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“SYN/RST scan” protocol=tcp
tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“FIN/PSH/URG scan” protocol=tcp
tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“ALL/ALL scan” protocol=tcp
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“NMAP NULL scan” protocol=tcp
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment=“dropping port scanners” src-address-list=
“port scanners”
add action=jump chain=forward comment=“SYN Flood protect” connection-state=new
jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add chain=SYN-Protect connection-state=new limit=400,5:packet protocol=tcp
tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp tcp-flags=
syn
add action=drop chain=forward comment=“Block Bogus IP Address” src-address=
0.0.0.0/8
add action=drop chain=forward dst-address=0.0.0.0/8
add action=drop chain=forward src-address=127.0.0.0/8
add action=drop chain=forward dst-address=127.0.0.0/8
add action=drop chain=forward src-address=224.0.0.0/3
add action=drop chain=forward dst-address=224.0.0.0/3
add action=drop chain=input comment=“Drop SSH brute forcers” dst-port=22
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist
address-list-timeout=1w3d chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input comment=“Port Scanners to list”
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input protocol=tcp tcp-flags=
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input protocol=tcp tcp-flags=
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input protocol=tcp tcp-flags=
fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=“port scanners”
address-list-timeout=2w chain=input protocol=tcp tcp-flags=
!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input src-address-list=“port scanners”
add action=drop chain=input comment=“Filter FTP to Box” dst-port=21 protocol=
tcp src-address-list=ftp_blacklist
add chain=output content=“530 Login incorrect” dst-limit=1/1m,9,dst-address/1m
protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist
address-list-timeout=3h chain=output content=“530 Login incorrect”
protocol=tcp
add action=jump chain=forward comment=“Separate Protocol into Chains”
jump-target=tcp protocol=tcp
add action=jump chain=forward jump-target=udp protocol=udp
add action=jump chain=forward jump-target=icmp protocol=icmp
add action=drop chain=udp comment=“Blocking UDP Packet” dst-port=69 protocol=
udp
add action=drop chain=udp dst-port=111 protocol=udp
add action=drop chain=udp dst-port=135 protocol=udp
add action=drop chain=udp dst-port=137-139 protocol=udp
add action=drop chain=udp dst-port=2049 protocol=udp
add action=drop chain=udp dst-port=3133 protocol=udp
add action=drop chain=tcp comment=“Bloking TCP Packet” dst-port=69 protocol=tcp
add action=drop chain=tcp dst-port=111 protocol=tcp
add action=drop chain=tcp dst-port=119 protocol=tcp
add action=drop chain=tcp dst-port=135 protocol=tcp
add action=drop chain=tcp dst-port=137-139 protocol=tcp
add action=drop chain=tcp dst-port=445 protocol=tcp
add action=drop chain=tcp dst-port=2049 protocol=tcp
add action=drop chain=tcp dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp dst-port=20034 protocol=tcp
add action=drop chain=tcp dst-port=3133 protocol=tcp
add action=drop chain=tcp dst-port=67-68 protocol=tcp
add chain=icmp comment=“Limited Ping Flood” icmp-options=0 limit=5,5:packet
protocol=icmp
add chain=icmp icmp-options=3:3 limit=5,5:packet protocol=icmp
add chain=icmp icmp-options=3:4 limit=5,5:packet protocol=icmp
add chain=icmp icmp-options=8 limit=5,5:packet protocol=icmp
add chain=icmp icmp-options=11 limit=5,5:packet protocol=icmp
add action=drop chain=icmp protocol=icmp
add chain=input comment=“Allow Broadcast Traffic” dst-address-type=broadcast
add chain=input comment=“Connection State” connection-state=established
add chain=input connection-state=related
add action=drop chain=input connection-state=invalid
add action=drop chain=virus comment=“Sockets des Troie” dst-port=1 protocol=udp
add action=drop chain=virus comment=Death dst-port=2 protocol=tcp
add action=drop chain=virus comment=“Senna Spy FTP server” dst-port=20
protocol=tcp
/ip firewall mangle
add action=mark-packet chain=prerouting comment=“voip-in packet mark hangout”
dst-address-list=external-nets new-packet-mark=voip-in passthrough=no
protocol=udp src-port=19302-19309
add action=mark-packet chain=prerouting comment=“voip-out packet mark hangout”
dst-port=19302-19309 new-packet-mark=voip-out passthrough=no protocol=udp
src-address-list=internal-nets
add action=mark-packet chain=prerouting comment=“voip-in packet mark hangout”
dst-address-list=external-nets new-packet-mark=voip-in passthrough=no
protocol=tcp src-port=19305-19309
add action=mark-packet chain=prerouting comment=“voip-out packet mark hangouts”
dst-port=19305-19309 new-packet-mark=voip-out passthrough=no protocol=tcp
src-address-list=internal-nets
/ip firewall nat
add action=netmap chain=srcnat disabled=yes src-address=192.168.1.9
to-addresses=103.245.118.68
add action=netmap chain=dstnat disabled=yes dst-address=103.245.118.68
to-addresses=192.168.1.9
add action=masquerade chain=srcnat comment=91_Main_Masquerade src-address=
192.168.0.0/21
add action=dst-nat chain=dstnat dst-address=103.245.118.66 dst-port=8991
protocol=tcp to-addresses=192.168.1.17 to-ports=80
add action=dst-nat chain=dstnat comment=DVR dst-address=103.245.118.66
dst-port=8000 protocol=tcp to-addresses=192.168.1.50 to-ports=8000
add action=dst-nat chain=dstnat comment=PRTG dst-address=103.245.118.66
dst-port=91 protocol=tcp to-addresses=192.168.1.9 to-ports=80
add action=dst-nat chain=dstnat disabled=yes dst-port=8000 in-interface=
ether1<NEXTRA/45Mb> protocol=tcp to-addresses=192.168.5.215 to-ports=80
/ip route
add check-gateway=ping distance=1 gateway=103.245.118.65
/ip service
set telnet disabled=yes
set ftp disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ip traffic-flow
set enabled=yes interfaces=ether5
/ip traffic-flow target
add dst-address=192.168.1.9 port=10004
/lcd
set time-interval=hour
/snmp
set enabled=yes trap-generators=interfaces trap-interfaces=all trap-target=
192.168.1.9,192.168.3.64,0.0.0.0 trap-version=2
/system clock
set time-zone-name=Asia/Kolkata
/system identity
set name=“MikroTik Router Del.OKhla Hub(primary)”
/system leds
set 0 interface=sfp-sfpplus1
set 1 interface=sfp-sfpplus1
set 2 interface=sfp1
/system ntp client
set enabled=yes primary-ntp=123.108.200.124 server-dns-names=in.pool.ntp.org
/system routerboard settings
set cpu-frequency=1200MHz memory-frequency=1066DDR protected-routerboot=
disabled
/system script
add name=E-mail owner=admin policy=
ftp,reboot,read,write,policy,test,password,sniff,sensitive source=”/system b
ackup save name=email;\r
\n/tool e-mail send to="*****" subject=([/syste
m identity get name]." backup") file=email.backup;\r
\n:log info "Backup e-mail sent.";"