See the attached image.
My ether2 port is showing a transmit of 6.4Mbps.. nothing on the network is really functioning, and I don’t see any of the other ports showing much traffic to indicate why it could be transmitting so much.
Is there a vulnerability or something that could be causing this to go bezerk? I am running version 6.4 currently.
you can check with torch tool what traffic is coming to your router
I’ll play with torch again but it only spat out one line that didn’t quite help.
I used the packet sniffer and saw a lot of strange DNS traffic and searched this forum and found it was a DNS amplification attack.
After setting up a few drop rules, the network returned to functional except that also stopped DNS requests from responding internally for some reason.. I’m dropping only inbound packets from the gateway.
I’m fine for now though as I have DHCP feeding the google DNS for now.
If no one outside your network needs access to your routerOS DNS:
In webfig, goto IP->Firewall, create a rule: chain=input action=drop protocol=udp in-interface=internet-gateway dst-port=53