Weird WAN Traffic

Hi,

Router is RB2011iL with 6.41.2.

The WAN (Internet) is provided by a local Iraqi company, so we have 5 public IPs in a /28 subnet. I’ve already found a camera, another MikroTik router, and an unsecured (default username/password) UBNT antenna on our subnet. I do a UBNT discovery scan and come up with about 33 other UBNT devices. So it’s not like our WAN is being professionally done.

I noted anywhere from 2 - 10 Mbps hitting the WAN interface (see attachment). Wondering if anyone here has any ideas about it. Doesn’t seem like a DoS attack, unless it is a poor one. Maybe something misconfigured on their side. Wanting to know if this would be affecting our ability to download traffic, or if I should even be worried about this.

Thanks.
WAN.JPG

Anything that comes to you unwanted eats your download bandwidth. If you pay for a byte transferred, it is bad. If you pay for bandwidth available, it is bad. If the uplink is a wireless one (which it is not in your case), it is bad even if you don’t pay for bandwidth and even if the useless traffic doesn’t go your way, as it wastes the bandwidth for everyone on that wireless network, you included. So do raise a claim with the ISP; they must be able to identify the source and talk to them.

What you can do on your side, if the unwanted traffic comes with your IP addresses as destinations, is to block ARP requests coming through the WAN interface except those coming from the gateway’s MAC address. If the sending device doesn’t get an answer to its ARP request, it doesn’t know where to send the real traffic, and the bandwidth occupied by ARP requests should be much lower than the unsuccessful attempts to set up TCP sessions and other connections.

But focusing on your Torch results after all, I can see almost nothing there which would match what you have described - the remote IPs are not in the same subnet as the local ones. So can you list which of the addresses there are your public ones, and whether you use the 192.168.19.0/24 subnet?
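
The ARP restriction suggested in the reply above, sketched as a RouterOS 6.41+ bridge filter; this is an added example, not part of either post. It assumes `ether1` is the WAN port, uses the hypothetical bridge name `bridge-wan`, and uses `00:00:5E:00:53:01` as a placeholder for the ISP gateway's MAC address.

```routeros
# Added example. Assumptions: ether1 = WAN port, bridge-wan = hypothetical name,
# 00:00:5E:00:53:01 = placeholder for the ISP gateway's real MAC address.

# Bridge filters only see frames arriving on bridge ports, so the WAN port is
# placed in a one-port bridge. hw=no keeps the frames on the CPU path where
# the filter rules are evaluated.
/interface bridge
add name=bridge-wan protocol-mode=none
/interface bridge port
add bridge=bridge-wan interface=ether1 hw=no

# The public IP addresses, routes and firewall rules that reference ether1
# must be moved to bridge-wan before these rules are relied on.

/interface bridge filter
# 1. Answer ARP requests only when they come from the ISP gateway.
add chain=input in-interface=ether1 mac-protocol=arp arp-opcode=request \
    src-mac-address=00:00:5E:00:53:01/FF:FF:FF:FF:FF:FF action=accept \
    comment="ARP requests from ISP gateway"
# 2. Drop ARP requests from every other device on the shared WAN segment.
add chain=input in-interface=ether1 mac-protocol=arp arp-opcode=request \
    action=drop comment="ARP requests from other WAN neighbours"

# ARP replies are left untouched, so the router can still resolve the gateway.
# The packet counters on rule 2 show how much neighbour ARP is being dropped:
/interface bridge filter print stats
```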