Hi R1CH,
Thanks for your reply.
Everytime this happens I block the MAC in Hotspot > IP-Binginds.
So it happened again today and here are some informations:
Sometimes it does not take 100% CPU use, just around 15-25% ( only for this IP tasks ).
I've noticed that it happens with Android phones, and appears that it's trying to reach Google IP's.
Add this rules
/ip firewall filter
add action=accept chain=pre-hs-input comment="Limit https unauth " \
connection-state=new disabled=no dst-limit=1,1,src-address/1m40s dst-port=\
64875 protocol=tcp
add action=reject chain=pre-hs-input connection-state=new disabled=no dst-port=\
64875 protocol=tcp reject-with=icmp-admin-prohibited
add action=accept chain=pre-hs-input comment="limit http unauth" \
connection-state=new disabled=no dst-limit=1,1,src-address/1m40s dst-port=\
64874 protocol=tcp
add action=reject chain=pre-hs-input connection-state=new disabled=no dst-port=\
64874 protocol=tcp reject-with=icmp-admin-prohibited
It will cap http/https auth request, and CPU usage will back to normal.
5.x compatible, not sure if 6.x will need some syntax changes.
Position this rules on top of others pre-hs-inpit rules