So it looks like someone has gotten wise to Mikrotik's having bandwidth-test enabled by default and pretty much every public IP-facing Mikrotik we have has logs looking like this now:



Upside: Getting more targeted attacks against Mikrotiks means they're becoming just that much more mainstream!
Downside: Getting more targeted attacks.

I mean yeah, it's our fault for not disabling or securing it from "default-to-on-and-open" in the first place. Anyway, this is an easy audit/fix for most people, just disable the bandwidth-test server where not needed, and firewall it otherwise.

On a related note, it would be nice to see bandwidth-test server moved to IP / services so all the useless services can be disabled in one place.

I might agree with that, services are kind of all overish