CCR1009-8G-1S-1S+ ver. 6.43.4
Strange things have been happening with my internet service. For testing I ping 126.96.36.199 and "normal" is 20-50ms. About a month and a half ago I started having issues with my connection. I started my ping test and noticed times when my ping climbed and maintained 100-450ms for 2-4 minutes. I complained to the local ISP and they too could see issues between my modem and their node. The ISP has performed several fixes and they no longer see the issue but my ping testing still shows random spikes.
I decided to see what the router was showing. In Winbox (I'm too old and not bright enough to configure via CLI) I opened the Interface List. I see normal Tx and FP Tx flow in the 2 Mbps range. When the ping climbs to excessive range I noted my Tx and FP Tx in the 14Mbps range. As soon as the 2Mbps resumes pings are normal again. I opened Firewall>Connections and sorted by Orig/Repl Rate and monitored along side the Interface list. I see no connections in the list above 1.5 kbps.
So, I've been reading the forums. Since the FastPath Tx is spiking too I've been reading about FP figuring it is coming from there. I'm not sure if I'd see the FP connections in the connections list. I've looked at users and the only one is the Admin. I opened Scripts and see none listed. I looked at services, after the security issue a couple of months ago I disabled ftp, telnet and www-ssl, they're still off.
I cannot explain the sudden burst in traffic on ether2 (my only WAN port). Does this look like some sort of hack? If not, have you seen this before? Is there a better method to see the cause or connection? I'm not sure where to go from here.