So 100% load cpu with 65% networking.
i think someone ddos me.
I think they smth download form my server(because in interface sfp 1 tx 400 kbit, but rx much hier (about 5 mbts,im not sure i forgot)), i dont know how block download (and not sure i need block this or idk)
Re: High cpu networking
some screen
You do not have the required permissions to view the files attached to this post.
Re: High cpu networking
which ports is the traffic going to?
Also notice that you have a similar return traffic as well?
open dns server or some other traffic bounce?
What is your firewall config (/export hide-sensitive)?
Also notice that you have a similar return traffic as well?
open dns server or some other traffic bounce?
What is your firewall config (/export hide-sensitive)?
Re: High cpu networking
Thanks for attentionwhich ports is the traffic going to?
Also notice that you have a similar return traffic as well?
open dns server or some other traffic bounce?
What is your firewall config (/export hide-sensitive)?
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
ssid=kpst18630
set [ find default-name=wlan2 ] ssid=kpst18630 wireless-protocol=802.11
/interface list
add name=internet
add name=Local
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=bridge1 name=dhcp1
/interface bridge port
add bridge=bridge1 interface=ether1
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=wlan2
/ip settings
set tcp-syncookies=yes
/interface list member
add interface=sfp1 list=internet
add interface=ether1 list=Local
add interface=ether2 list=Local
add interface=ether3 list=Local
add interface=ether4 list=Local
add interface=ether5 list=Local
add interface=wlan1 list=Local
add interface=wlan2 list=Local
/ip address
add address=192.168.88.1/24 interface=bridge1 network=192.168.88.0
/ip arp
add address=192.168.88.253 interface=bridge1 mac-address=18:31:BF:BD:2E:7E
add address=192.168.88.254 interface=bridge1 mac-address=18:31:BF:DF:8C:C2
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=sfp1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip firewall address-list
add address=192.168.88.0/24 list="Protect DDOS attack"
/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=add-src-to-address-list address-list="Protect DDOS attack" \
address-list-timeout=1d chain=input connection-limit=100,32 \
in-interface-list=all protocol=tcp
add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
src-address-list="Protect DDOS attack"
add action=jump chain=forward connection-state=new jump-target=SYN-Protect \
protocol=tcp tcp-flags=syn
add action=jump chain=input connection-state=new in-interface-list=internet \
jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=return chain=SYN-Protect connection-state=new limit=50,5:packet \
protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp tcp-flags=\
syn
/ip firewall nat
add action=masquerade chain=srcnat out-interface=sfp1
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=10000 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.253 to-ports=10000
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=80 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.253 to-ports=80
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=34197 \
in-interface=sfp1 protocol=udp to-addresses=192.168.88.254 to-ports=34197
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=34198 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.252 to-ports=34198
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=8303 \
in-interface=sfp1 protocol=udp to-addresses=192.168.88.252 to-ports=8303
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=4000 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.252 to-ports=4000
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=8304 \
in-interface=sfp1 protocol=udp to-addresses=192.168.88.254 to-ports=8304
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=1000-8302 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.253 to-ports=\
1000-8302
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=10999-16000 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.253 to-ports=\
10999-16000
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=9014 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.246 to-ports=9014
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=2106 \
in-interface=sfp1 protocol=tcp to-addresses=192.168.88.246 to-ports=2106
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=7777 \
in-interface=sfp1 protocol=udp to-addresses=192.168.88.246 to-ports=7777
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=80 protocol=\
tcp src-address=192.168.88.0/24 to-addresses=192.168.88.253 to-ports=80
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=10999-16000 \
protocol=tcp src-address=192.168.88.0/24 to-addresses=192.168.88.253 \
to-ports=10999-16000
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=1000-8302 \
protocol=tcp src-address=192.168.88.0/24 to-addresses=192.168.88.253 \
to-ports=1000-8302
add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=80 \
protocol=tcp src-address=192.168.88.0/24 to-ports=80
add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=\
1000-8302 protocol=tcp src-address=192.168.88.0/24 to-ports=1000-8302
add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=\
10999-16000 protocol=tcp src-address=192.168.88.0/24 to-ports=10999-16000
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Krasnoyarsk
Can someone help in skype my login on screen
I cant use my innternet cus this "bad feels"
You do not have the required permissions to view the files attached to this post.
Re: High cpu networking
In torch which ports is the traffic going to?
Re: High cpu networking
Observations:
* input/forward is insufficiently guarded: only tcp is filtered (in some cases), upd goes through
+
= you're probably bombarded by dns requests, and being used for DDOS attacks, using DNS amplification attack
why don't you just stick to default firewall, it's more that enough in this case...
Bellow is just an optimisation
* if your ports are same in dst-nat, the ONE rule mapping the ip is enough without the to-port(s) property
* you case use "," to separate ports
* input/forward is insufficiently guarded: only tcp is filtered (in some cases), upd goes through
+
Code: Select all
/ip dns
set allow-remote-requests=yes
why don't you just stick to default firewall, it's more that enough in this case...
Bellow is just an optimisation
* if your ports are same in dst-nat, the ONE rule mapping the ip is enough without the to-port(s) property
* you case use "," to separate ports
Code: Select all
# From example
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=10000 in-interface=sfp1 protocol=tcp to-addresses=192.168.88.253 to-ports=10000
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=80 in-interface=sfp1 protocol=tcp to-addresses=192.168.88.253 to-ports=80
# TO example
add action=dst-nat chain=dstnat dst-address=MyIp dst-port=10000,80 in-interface=sfp1 protocol=tcp to-addresses=192.168.88.253
# From
add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=80 protocol=tcp src-address=192.168.88.0/24 to-ports=80
add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=1000-8302 protocol=tcp src-address=192.168.88.0/24 to-ports=1000-8302
add action=masquerade chain=srcnat dst-address=192.168.88.253 dst-port=10999-16000 protocol=tcp src-address=192.168.88.0/24 to-ports=10999-16000
# To
add action=src-nat chain=srcnat dst-address=192.168.88.253 dst-port=80,1000-8302,10999-16000 protocol=tcp src-address=192.168.88.0/24 to-address=<ip router?192.168.88.1>
Re: High cpu networking
Did it, but yesterday again ddosed.Code: Select all/ip dns set allow-remote-requests=yes
Can i see which port they ddos(but i not sure it is help if i close port)?
Re: High cpu networking
did what? the above is NOT an instruction what to do
The instruction was: "why don't you just stick to default firewall, it's more that enough in this case..."
The instruction was: "why don't you just stick to default firewall, it's more that enough in this case..."
Re: High cpu networking
Cus default doesnt help, and i try other ways.did what? the above is NOT an instruction what to do
The instruction was: "why don't you just stick to default firewall, it's more that enough in this case..."
Re: High cpu networking
Cus default doesnt help, and i try other ways.did what? the above is NOT an instruction what to do
The instruction was: "why don't you just stick to default firewall, it's more that enough in this case..."
Some one have any tips how to fix that?
Who is online
Users browsing this forum: Google [Bot], unhuzpt and 121 guests