###################################################################################################
found this while i was analyzing a DNS query attack on the server and i was trying to limit and drop queries per second
Mikrotik firewall was not filtering packets that was going to a specific IP on destination port 53 UDP with a Drop rule !
while flooding the device with fake dns queries the hotspot package was registering every request as a network device on the hosts tab
the ARP table was also registering the fake addresses generated by that queries and this lead to an ARP poisoning through port 53 UDP
This indicates major configuration mistakes, like configuring proxy-arp where not required and/or firewall mistakes like allowing incoming DNS queries on public interface.
Please show your /export hide-sensitive.