recently, my RB2011UAS-RM with the latest ROS(6.9) has been choking on outbound requests. I have no idea what is causing this, so I have attached screenshots showing some of what I know to be causing issues. When I disconnect all computers on the network, the Tx is still maxing out the ISP’s provided upload bandwidth (14mbps). This is causing the internet to essentially stop working.
Here is a list of the current connections. There are over 500 all going to the same IP address, but varying ports.
Here is the the interface page ss. Moments before snapping the SS, the internet restored its self back to a working state. (the highlighted section is what was showing 14mbps traffic).
It almost appears that the router is hacked, and is attacking another host.
Any suggestions are welcome, and more information is available upon request.
If the dst. address is your public ip on ether1, then it looks like somebody is abusing your dns. These rules normally stops it.
/ip firewall filter
add chain=input action=drop dst-port=53 protocol=udp in-interface=ether1
add chain=input action=drop dst-port=53 protocol=tcp in-interface=ether1
SurferTim, Thanks for the fast reply!
I have applied this to the router, and will wait to see if it makes a difference. Currently - there is nothing out of ordinary going on.
On a side note, how does one benefit from abusing my DNS?
Here is one of many articles on the subject.
http://openresolverproject.org/
You can Google “dns recursion open dns servers” for other articles.
@SurferTim
Thanks for the tip! I had been seeing this happen to my router since the 5th at about an interval of every 4 hours and so far this has taken care of it. Still monitoring, so far so good.
Thanks,
@SurferTim,
Thanks for your reply. This seems to be working for me. I’ve been dealing with this since the 5th at an interval of every 4 hours. Everything is working at 100% now. Still monitoring it closely, but so far so good.
Thanks,