I have an RB450 running v3.11 with 4 ports in use.
I was seeing malicious pings counting up in my filter rules, so I did a packet sniff and saw they were destined to an IP on ethernet port 3.
Just for testing, I disabled ethernet port 3. To my surprise, the pings kept arriving and counting up in my filter rule.
I created another filter rule to log the packets and they showed up in the log as
" forward: in:(unknown) out:ether2 ". The out:ether2 part is fine, but in:(unknown) seems odd.
This made me wonder if the pings were really entering on ethernet port 3. I unplugged the cable in port 3, and the log entries stopped. I plugged it back in and the pings were received, counted, and logged again. Clearly, these pings were entering my router from port 3, even though port 3 was disabled.
Since packets were entering, I tried to run torch on ether3, but it immediately complained:
“Torch Error - interface not up and running (6)”
So I know that ether3 was really disabled.
While it was disabled, the Interface List in WinBox showed Rx bytes arriving on ether3 even though it was marked with an “x” and the line was grayed out.
I rebooted the router with ether3 still disabled. When it came back up, WinBox “Interface List” now does not show any data for ether3. However, the filter rule still shows the packets entering and the log shows the details, including the odd “forward: in:(unknown)…”. I guess since ether3 is disabled, the routing process doesn’t know what interface this is and labels it as ‘unknown’.
My question is, are disabled ports supposed to accept traffic for forwarding to other ports? This just doesn’t seem right.
Has anyone else seen this? Is this expected behavior on a disabled port?
If everyone agrees this is a bug, I’ll forward a supout.rif to MT.