What exactly causes 100% CPU load?

My router is constantly being DDoS'ed (don't ask me why :) ).
I made some scripts and see that during a DDoS my CPU is loaded at 60%, which makes it inaccessible. But in particular, CPU 3 is loaded at 100% by some firewall operations (from the Profile tool).

How can I find out exactly which FW rules are being processed?
I would gladly disable those FW rules. I just need to understand what causes the router to go down.

PS: ICMP is disabled as a TOP FW rule in my config. So it's something else.
PS2: https://help.mikrotik.com/docs/pages/viewpage.action?pageId=28606504 this has also been applied. Didn't help.

All FW rules have counters … check which counter is incrementing the most while under DDoS. Don't blindly disable that rule; the result might be a vulnerable LAN.
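
The counter check suggested above, as an added example that is not part of the thread: it compares two snapshots of per-rule packet counters and ranks rules by packets per second, so the rule absorbing the flood stands out together with its action. The snapshot layout (id, chain, action, comment, packets), the sample values and the function names are constructed assumptions, not RouterOS output.

```python
import csv
import io

# Constructed snapshots (not real router output), taken INTERVAL_S seconds apart.
# Assumed layout per rule: id,chain,action,comment,packets
INTERVAL_S = 10
BEFORE = """\
0,input,drop,drop icmp,1200
1,input,accept,established,50000
2,input,drop,drop dns from wan,300000
3,forward,accept,lan to wan,80000
"""
AFTER = """\
0,input,drop,drop icmp,1250
1,input,accept,established,50400
2,input,drop,drop dns from wan,1500000
3,forward,accept,lan to wan,100
4,input,drop,new rule,10
"""

def parse(snapshot):
    """Map rule id -> rule fields for one counter snapshot."""
    rules = {}
    for rid, chain, action, comment, packets in csv.reader(io.StringIO(snapshot)):
        rules[rid] = {"chain": chain, "action": action,
                      "comment": comment, "packets": int(packets)}
    return rules

def hottest_rules(before, after, interval_s):
    """Return (id, chain, action, comment, pps, share %) sorted by pps, highest first."""
    old, new = parse(before), parse(after)
    rows = []
    for rid, rule in new.items():
        prev = old.get(rid)
        if prev is None or rule["packets"] < prev["packets"]:
            # Rule added, or counter reset, between snapshots: count from zero.
            delta = rule["packets"]
        else:
            delta = rule["packets"] - prev["packets"]
        rows.append((rid, rule["chain"], rule["action"], rule["comment"],
                     delta / interval_s))
    total = sum(r[4] for r in rows) or 1  # avoid dividing by zero on idle counters
    rows.sort(key=lambda r: r[4], reverse=True)
    return [(*r, round(100 * r[4] / total, 1)) for r in rows]

if __name__ == "__main__":
    for rid, chain, action, comment, pps, share in hottest_rules(BEFORE, AFTER, INTERVAL_S):
        print(f"{rid:>2} {chain:<8} {action:<7} {pps:>10.1f} pps {share:>5.1f}%  {comment}")
```

In this sample the hottest rule is a `drop` rule, so it is the one already discarding the flood; disabling it would let that traffic through rather than reduce the load.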

Check if the DNS responder is active or not; eventually put a firewall rule in place.