After some bandwidth testing i noticed that my uplink speed wasn´t like it used to be.
So i tried to check where it was used.
This is what i can see in WinBox.
http://imgur.com/a/iRtKS
My Wan & Wanbridge is transmitting something.. but what? From what i can see no connected port(eth7) use the bridge.
Is the router sending data on its own? or am i misunderstanding something? Most likely the later.
The router is a CCR1009-8G-1S-1S+
Check your firewall settings.
Maybe is a DNS attack on port 53 http://wiki.mikrotik.com/wiki/DDoS
Check and these:
http://wiki.mikrotik.com/wiki/DoS_attack_protection
http://wiki.mikrotik.com/wiki/DDoS_Detection_and_Blocking
Make a Tools->Torch and select also and the port to see what happens on WAN
Thanks JB172,
There were many connections to my 53 port.
After I disabled external Dns requests the Tx rate went from 20~40 mbps to ~400kbps.
What do they gain by spamming my Dns? or is it only for screwing with my connection?
This article explains it quite well: https://www.us-cert.gov/ncas/alerts/TA13-088A
The same applies to most protocols, especially UDP ones (NTP is another well-known one).