hi,
i have a problem with my router board
it is using 100% and showing un-Idntified traffic on interfaces
below Fig: do not has LAN traffic but it showing 7.5 Mbps on WAN side
can somone please help me.
thank you,
ven
torch on wan interface or go to ip firewall connections
what do you see?
Disable “allow remote requests” in DNS settings, had the same issue with my 2011 after i ran cpu profile i found out that DNS was using the whole cpu.
Using Torch on the interface will give more information about the traffic and what the source is.
Hi,
here is my torch on WAN interface and one IP Address using all bandwidth 146.185.142.174
can some please help me here
thank you
ven
It would help if you could run torch again with protocol and port checked so that we can see what kind of traffic it is.
Hi,
now I can not see that IP which I mentioned in previous slide.
but I can see some other IP addresses.
I am attaching screen shots below
thank you,
ven
Hi
Try what “rufee” suggested…
And you probably want to add some firewall filter rules to protect your WAN interface.
i also see such issue on customer routers. My solutions was:
- create an access list for used DNS servers
- create a firewall rule to drop all incoming packets what’s targetting udp/53 and NOT originated from src-address-list=dns-servers and coming from WAN interface.
however i would welcome a solution from Mikrotik what allows to configure local DNS service access like other IP services:
offer a list of allowed hosts/subnets.