Darn firewall...

Gotta love waking up and connectivity seems a little strange. Pings are higher than they should be with a bit more loss than usual, though all of it sporadic. Check the edge router and it’s at 100% CPU. Okay… firewall using 94%. Okay… Not passing more than a couple thousand packets per second. Okay… No large lists in address lists. No changes in a couple weeks. No queues for mangle rules doing anything to speak of.

Disable tarpits.
Disable more firewalls.
Disable connection tracking.
Rebooted.

I tried all of those things (not necessarily in that order). Nothing.

Just sitting there looking at it… everything goes back to normal.

WTF?

You need to enable logging. You may have been under ddns attack or something similar.

See connection table under IP/Firewall.
I have one router which is under attack and there are constant 15 DNS questions per sec. from all around the world.
You can also check Tools/Torch to see what is coming to your router.

Drop them.

What kind of logging do you recommend I enable?

Nothing shows in that table at all now, but I’m not having difficulty either. I have DNS blocked except for from specific sources. I wouldn’t consider 15 requests per second all that heavy, but then again the packet counters only showed a few thousand packets per second and it was crippled. I have that same amount of traffic now and the firewall is only using 5.5%, all processes under 10% in aggregate.

Torch was useless as there wasn’t enough CPU available to handle it.

Not the biggest box, but it is an RB1200. That should be able to handle most things.

Here is how I am logging what is being dropped in my firewall. You could modify this log file and track everything. Just put it at the top.
chain=forward action=log src-address=172.17.0.0/16 dst-address=0.0.0.0/0 in-interface=LAN 1 log=no log-prefix=""

To stop DDNS attack or DoS attack:
http://wiki.mikrotik.com/wiki/DoS_attack_protection
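
Once a log rule like the one above is in place, the exported log can be summarised offline to see what was arriving when Torch had no CPU left to run. This is an added example, not code from anyone in the thread; the log line layout and the sample lines are constructed assumptions, so adjust the pattern to what your RouterOS version actually writes.

```python
import re
from collections import Counter

# Constructed sample lines; the layout is an assumed RouterOS-style firewall log format.
SAMPLE_LOG = """\
08:15:01 firewall,info forward: in:WAN out:LAN 1, proto UDP, 203.0.113.7:41022->172.17.0.10:53, len 71
08:15:01 firewall,info forward: in:WAN out:LAN 1, proto UDP, 203.0.113.7:41023->172.17.0.10:53, len 71
08:15:01 firewall,info forward: in:WAN out:LAN 1, proto UDP, 198.51.100.23:5353->172.17.0.10:53, len 68
08:15:01 firewall,info forward: in:WAN out:LAN 1, proto TCP (SYN), 198.51.100.9:50100->172.17.0.20:443, len 60
08:15:02 firewall,info forward: in:WAN out:LAN 1, proto UDP, 203.0.113.7:41024->172.17.0.10:53, len 71
08:15:02 firewall,info forward: in:WAN out:LAN 1, proto ICMP (type 8, code 0), 192.0.2.1->172.17.0.10, len 56
08:15:02 system,info router rebooted
"""

IPV4 = r"\d+(?:\.\d+){3}"
LINE_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d) .*? in:(?P<in_if>.+?) out:.*?proto (?P<proto>\w+).*?, "
    rf"(?P<src>{IPV4})(?::\d+)?->(?P<dst>{IPV4})(?::(?P<dport>\d+))?, len (?P<len>\d+)"
)

def summarize(log_text, top=3):
    """Tally logged packets per second, per (protocol, dst port) and per source."""
    per_second, services, sources = Counter(), Counter(), Counter()
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            skipped += 1  # not a firewall packet line, or a layout we do not know
            continue
        per_second[m["time"]] += 1
        services[(m["proto"], m["dport"])] += 1  # dport is None for ICMP
        sources[m["src"]] += 1
    peak = max(per_second.items(), key=lambda kv: kv[1], default=(None, 0))
    return {
        "parsed": sum(per_second.values()),
        "skipped": skipped,
        "peak": peak,  # (timestamp, logged packets in that second)
        "services": services.most_common(top),
        "sources": sources.most_common(top),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("parsed:", report["parsed"], "skipped:", report["skipped"])
    print("busiest second:", report["peak"])
    for (proto, dport), n in report["services"]:
        print(f"  {proto}/{dport or '-'}: {n}")
    for src, n in report["sources"]:
        print(f"  {src}: {n}")
```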