Recently I have been experiencing strange new bandwidth consumption not initiated from my “internal” clients. There is a constant consumption of 5Mbps in both send and receive. When I use Tools > Torch to monitor the internal network, it seems that there is no single client (or even a collection of clients) that could potentially generate that amount of traffic. When I use Torch on the WAN side, I can see a ridiculously large number of connections (so large sometimes that I receive an error in Google Chrome when running MikroTik Webconfig), initiating from lots of different ports (and IP addresses), all of them connecting to port 8080 of my MikroTik router. Router CPU usage is around 50%. When checking these IP addresses, some of them have been reported as “source of spam” in available databases on the internet.
I have tried to reboot the router, or even shut down the router for a few minutes, but as soon as I am back on the internet the attack initiates. I would be very grateful if someone could help me, first to diagnose the attack and then finally to resolve it.