PPPoE users generating random traffic

RouterOS General
1

Hey everyone

I have got a peculiar problem where the users on routers like Tp-Link, D-link etc are randomly uploading and causing CCR1036 CPU usage to go upto 100% causing packet loss
we have filtered lot of garbage:

  1. any unknown traffic generated from the network
  2. any spoof traffic coming into the network
  3. any DNS request coming from WAN
  4. any UDP packet coming from WAN
  5. any new TCP request coming from WAN
  6. any traffic from PPP going to PPP
  7. any traffic to access TCP port 20-23 from PPPoE (getting almost 10,000pps)
  8. ALL Invalid Packets
  9. ALL ICMP coming from WAN

still, there is a random upload that generates for 1~3 seconds from all the 500+ routers.
the only problem I think could effect is that the administrator before me had several IP addresses on PPPoE interface to serve static IP customers and that could be causing the havoc but for last 7~8 months the configuration is the same and nothing much has changed this problem started 3 days back.

All information/suggestion will be welcomed
Thanks

2

broadcast?

3

not exactly so what happens is that all clients start to transmit on dst-port 23(telnet) and just freeze the network for 2~5 seconds
although we have firewall rule that they cannot do this but still they generate traffic