High TX on WAN1 Interface.

Hey Community,
Recently I have configured Policy Based Routing. My scenario is that LAN1 traffic goes through WAN1 and LAN2 traffic goes through WAN2. I have observed a lot of TX traffic on WAN1; however, I didn’t see much traffic on any other interface. Why is WAN1 behaving like that? A screenshot of the interfaces is attached for review. Please review and update accordingly.

Regards,
Mtek Interfaces Stats.PNG

Most probably a DDoS attack. Have you configured the firewall?

Yes, Firewall has been configured.

Regards,

Run torch to see what kind of traffic this is.

A screenshot of the Torch output is attached, please review.

Regards,
Torch-Output.PNG

Hi,

please provide the following information:

/ip firewall filter export compact

/ip dns export compact

Additionally, do another torch, this time, check “Protocol” and “Port”.

I suppose you’re accidentally running an open DNS resolver.

Regards,
Ape

Yes, it was a DNS issue. After disabling DNS, it is working normally.

Regards,

Hi,

Running the DNS cache is not your problem. It’s not having appropriate firewall rules.
Please do yourself and the rest of the internet the favor of securing your device!

Regards,
Ape

The same thing happened to me a few weeks ago.
I’ve solved it by setting an input filter rule.
What are these guys trying to achieve by messing with our DNS servers?
I’m curious.

Hi,

simply spoken, these “bad guys” use your DNS resolver to amplify their attack.
They send “small” DNS requests (just a few bytes) with a spoofed source IP address. Your DNS resolver answers to the spoofed source IP address with a much larger response, resulting in an amplification of the original traffic.

Regards,
Ape
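
An added example, not posted by anyone in this thread: one way to write the input filter rules the replies above refer to, so the router keeps serving DNS to the LAN but no longer answers queries arriving on the WAN side. It assumes the WAN interfaces are literally named WAN1 and WAN2, as in the first post; adjust the names to match your own device.

```routeros
# Added example; interface names WAN1/WAN2 are assumed from the first post.
# "allow-remote-requests=yes" makes the router answer DNS on every interface,
# so the firewall has to restrict who can reach port 53.
/ip firewall filter
add chain=input in-interface=WAN1 protocol=udp dst-port=53 action=drop \
    comment="drop DNS queries from WAN1 (udp)"
add chain=input in-interface=WAN1 protocol=tcp dst-port=53 action=drop \
    comment="drop DNS queries from WAN1 (tcp)"
add chain=input in-interface=WAN2 protocol=udp dst-port=53 action=drop \
    comment="drop DNS queries from WAN2 (udp)"
add chain=input in-interface=WAN2 protocol=tcp dst-port=53 action=drop \
    comment="drop DNS queries from WAN2 (tcp)"

# Rules are evaluated top to bottom: these drops must sit above any broad
# accept rule in the input chain, otherwise they are never reached.
/ip firewall filter print where chain=input

# Confirm the resolver setting, then watch the packet counters on the new
# drop rules; they should climb while TX on WAN1 falls back to normal.
/ip dns print
/ip firewall filter print stats where chain=input
```

Replies to the router's own upstream lookups are not affected, because they arrive with source port 53 and an ephemeral destination port, which these rules do not match.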