I've set up a new Mikrotik box.
My policy is to only allow traffic that's meant to be allowed and to drop anything else.
Soon after the upgrade to v6.43.1 I am finding a number of events in the logs like this one:
DROP-OUTPUT output: in:(unknown 0) out:ether24, proto UDP, 192.168.255.252:38962->159.148.147.201:15252, len 66
DROP-OUTPUT output: in:(unknown 0) out:ether24, proto UDP, 192.168.255.252:49614->159.148.172.251:15252, len 66
every two minutes. 192.168.255.252 is the management IP address of the box and there's also a default route through it.
Both public IPs are Latvian IPs.
And very likely they are run by the Mikrotik company itself as www.mikrotik.com=159.148.147.196 and download.mikrotik.com=159.148.147.204,159.148.172.226.
A similar box running v6.42.7 isn't showing such traffic.
That wouldn't be a problem, as long as I knew this is a normal™ behaviour.
Is this a normal behaviour?
What's going on?
Some investigation led to this:
Quote: UDP:15252 Used by MikroTik routers: When enabled '/ip cloud' will send encrypted UDP packets to port 15252 to hosts that resolves from cloud.mikrotik.com. (https://wiki.mikrotik.com/wiki/Manual:IP/Cloud)
And that cloud.mikrotik.com resolves to 81.198.87.240 (for me at least).
Needless to say that I don't have any Cloud service in use.
Code:
/ip cloud print
Once I disabled that setting, I am still able to see those outbound UDP packets.
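Added example (not part of the original post): a small parser for RouterOS firewall log lines in the format shown above, which groups dropped packets sourced from the router's own management address by protocol and destination port and labels ports that match a known router-originated service. Port 15252 is labelled from the IP Cloud wiki text quoted in the post; the NTP and DNS entries, the two extra log lines, and the `management_ip` parameter are assumptions constructed for the example.

```python
import re

# Constructed sample log: the two DROP-OUTPUT lines from the post plus two
# made-up lines in the same RouterOS format (not from the original post),
# so that the grouping below has more than one bucket to show.
SAMPLE_LOG = """\
DROP-OUTPUT output: in:(unknown 0) out:ether24, proto UDP, 192.168.255.252:38962->159.148.147.201:15252, len 66
DROP-OUTPUT output: in:(unknown 0) out:ether24, proto UDP, 192.168.255.252:49614->159.148.172.251:15252, len 66
DROP-OUTPUT output: in:(unknown 0) out:ether24, proto UDP, 192.168.255.252:40001->198.51.100.7:123, len 76
DROP-OUTPUT output: in:(unknown 0) out:ether24, proto TCP (SYN), 192.168.255.252:51000->203.0.113.9:443, len 60
"""

# One RouterOS firewall log line: "<prefix> <chain>: in:<if> out:<if>, proto <P>[ (flags)], src:port->dst:port, len N"
LOG_RE = re.compile(
    r"^(?P<prefix>\S+) (?P<chain>\w+): in:(?P<in>[^,]+) out:(?P<out>[^,]+), "
    r"proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), len (?P<len>\d+)$"
)

# Destination ports the router itself is expected to talk to, with the feature
# responsible. UDP/15252 comes from the IP Cloud wiki text quoted in the post;
# the other two rows are assumptions for this example, not taken from the post.
KNOWN_ROUTER_SERVICES = {
    ("UDP", 15252): "/ip cloud (MikroTik IP Cloud)",
    ("UDP", 123): "NTP client (assumed)",
    ("UDP", 53): "DNS client (assumed)",
}


def parse_line(line):
    """Parse one firewall log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for field in ("sport", "dport", "len"):
        rec[field] = int(rec[field])
    return rec


def summarize_drops(log_text, management_ip):
    """Group dropped 'output' chain packets sourced from management_ip.

    Returns {(proto, dport): {"count": n, "dsts": set_of_destinations,
    "service": label_or_None}} so an operator can see which router-originated
    flows the DROP-OUTPUT rule is catching and which of them are explained by
    a known feature.
    """
    summary = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["chain"] != "output" or rec["src"] != management_ip:
            continue
        key = (rec["proto"], rec["dport"])
        entry = summary.setdefault(
            key, {"count": 0, "dsts": set(), "service": KNOWN_ROUTER_SERVICES.get(key)}
        )
        entry["count"] += 1
        entry["dsts"].add(rec["dst"])
    return summary


def report(summary):
    """Render the summary as one text line per (proto, dport) bucket, unknown services first."""
    lines = []
    for (proto, dport), entry in sorted(summary.items(), key=lambda kv: (kv[1]["service"] is not None, kv[0])):
        label = entry["service"] or "UNEXPLAINED - review"
        lines.append(f"{proto}/{dport}: {entry['count']} drop(s) to {', '.join(sorted(entry['dsts']))} [{label}]")
    return lines


if __name__ == "__main__":
    for line in report(summarize_drops(SAMPLE_LOG, "192.168.255.252")):
        print(line)
```

Running the block on the constructed sample puts the two UDP/15252 drops into one bucket labelled as IP Cloud traffic with both Latvian destinations listed, and the TCP/443 bucket on top as unexplained, which is the kind of triage view that turns a stream of two-minute DROP-OUTPUT lines into a short list of questions to answer.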