Community discussions

 
IcedFlame
just joined
Topic Author
Posts: 1
Joined: Tue Jul 09, 2019 9:45 am

hAP lite V6.42.1 CPU Maxed at 100%

Tue Jul 09, 2019 10:12 am

Hi Guys,

We have a hap lite which CPU sits at 100%, the MT kicks you out and when you try login again it tell you that your username and password is incorrect. We've updated the firmware, even replaced the router with another router. It keeps on rearing it's ugly head. At times the CPU runs as normal. Could someone please point me in the right direction? Could this be a DDoS attack?

Here is my config:

/interface bridge
add arp=proxy-arp fast-forward=no name=br0
/interface ethernet
set [ find default-name=ether1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=\
Internet mac-address=E4:8D:8C:5B:74:C4
set [ find default-name=ether2 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=IPX \
mac-address=E4:8D:8C:5B:74:C5
set [ find default-name=ether3 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full comment=Pumps \
disabled=yes mac-address=E4:8D:8C:5B:74:C6
set [ find default-name=ether4 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full mac-address=\
E4:8D:8C:5B:74:C7
/interface pppoe-client
add disabled=no interface=ether1 keepalive-timeout=20 max-mru=1480 max-mtu=\
1480 mrru=1600 name=pppoe-out-andrew password=andrew123 service-name=ISP \
user=andrew
/interface pwr-line
set [ find default-name=pwr-line1 ] disabled=yes mac-address=\
CC:2D:E0:84:93:56
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
supplicant-identity=MikroTik wpa-pre-shared-key=XXXXXX06 \
wpa2-pre-shared-key=XXXXXXX06
add authentication-types=wpa-psk,wpa2-psk eap-methods="" group-ciphers=\
tkip,aes-ccm mode=dynamic-keys name=AP-Profile supplicant-identity="" \
unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=xxxxx05036 \
wpa2-pre-shared-key=xxxxxx05036
/interface wireless
set [ find default-name=wlan1 ] country="south africa" disabled=no \
installation=indoor mode=ap-bridge name=wlan3 security-profile=AP-Profile \
ssid=Platsak-YEL wireless-protocol=802.11
/interface wireless nstreme
set wlan3 disable-csma=yes enable-polling=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip kid-control
add fri="" mon="" name=Justin rate-limit=1M sat="" sun=0s-7h59m thu="" tue="" \
tur-sun=8h-16h wed=""
add fri="" mon="" name=Anika rate-limit=2048 sat="" sun="" thu="" tue="" wed=\
""
add fri="" mon="" name="Henriette PC" rate-limit=2048 sat="" sun="" thu="" \
tue="" wed=""
/ip pool
add name=dhcp_pool1 ranges=x.x10.75-x.x.10.96,x.x.10.100-x.x.10.149
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool1 authoritative=after-2sec-delay \
disabled=no interface=br0 name=dhcp1
/queue tree
add disabled=yes max-limit=10M name="Global Limit" parent=global queue=\
default
add disabled=yes name=Main-In parent="Global Limit" priority=1 queue=\
pcq-download-default
add disabled=yes name=Main-Out parent="Global Limit" priority=1 queue=\
pcq-upload-default
add burst-limit=10M burst-threshold=9M burst-time=20s disabled=yes name=In \
parent=Main-In queue=pcq-download-default
add burst-limit=1M burst-threshold=768k burst-time=20s disabled=yes name=Out \
parent=Main-Out queue=pcq-upload-default
add disabled=yes name=https-dn packet-mark=https-dn parent=In priority=6 \
queue=pcq-download-default
add disabled=yes name=http-dn packet-mark=http-dn parent=In priority=4 queue=\
pcq-download-default
add disabled=yes name=in-PRIO parent=Main-In priority=1 queue=\
pcq-download-default
add disabled=yes name=VoIP-dn packet-mark=sip-in parent=in-PRIO priority=1 \
queue=pcq-download-default
add disabled=yes name=Out-Prio parent=Main-Out priority=1 queue=\
pcq-upload-default
add disabled=yes name=VoIP-up packet-mark=sip-out parent=Out-Prio priority=1 \
queue=pcq-upload-default
add disabled=yes name=http--up packet-mark=http_up parent=Out priority=4 \
queue=pcq-upload-default
add disabled=yes name=https-up packet-mark=https_up parent=Out priority=6 \
queue=pcq-upload-default
add disabled=yes name=mail-up parent=Out priority=1 queue=pcq-upload-default
add disabled=yes name=mail-dn parent=In priority=1 queue=pcq-download-default
add disabled=yes name=rest-dn packet-mark=rest-in parent=In queue=\
pcq-download-default
add disabled=yes max-limit=1M name=rest-up packet-mark=rest-out parent=Out \
queue=pcq-upload-default
add disabled=yes name=Winbox-dn packet-mark=winbox-dn parent=in-PRIO queue=\
default
add disabled=yes name=Winbox-up packet-mark=winbox-up parent=Out-Prio queue=\
pcq-upload-default
add disabled=yes max-limit=100k name=icmp-dn packet-mark=icmp-dn parent=\
in-PRIO priority=1 queue=pcq-download-default
add disabled=yes max-limit=100k name=icmp-up packet-mark=icmp-up parent=\
Out-Prio priority=1 queue=pcq-upload-default
add disabled=yes name=https-BIG-dn packet-mark=https_big_dn parent=In queue=\
pcq-download-default
add disabled=yes name=https-BIG-up packet-mark=https_big_up parent=Out queue=\
pcq-upload-default
add disabled=yes name="256k limit" packet-mark=256k-out parent=Out queue=\
default
/snmp community
set [ find default=yes ] addresses=x.x.x.x/24
/interface bridge port
add bridge=br0 hw=no interface=ether2
add bridge=br0 hw=no interface=ether3
add bridge=br0 hw=no interface=ether4
add bridge=br0 interface=wlan3
/interface bridge settings
set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes \
use-ip-firewall-for-vlan=yes
/ip address
add address=x.x.x.55/24 interface=br0 network=x.x.10.0
/ip dhcp-server lease
add address=x.x.x.105 always-broadcast=yes client-id=1:4:8d:38:bb:4d:9 \
mac-address=04:8D:38:BB:4D:09 server=dhcp1
add address=x.x.x.85 client-id=1:18:81:e:53:88:5a mac-address=\
18:81:0E:53:88:5A server=dhcp1
add address=x.x.x.87 client-id=1:c0:a6:0:6f:85:57 mac-address=\
C0:A6:00:6F:85:57 server=dhcp1
/ip dhcp-server network
add address=x.x.10.0/24 dns-server=8.8.8.8 gateway=x.x.x.55
/ip dns
set servers=x.x.0.253
/ip firewall address-list
add address=x.221.0.0/24 list=voip
add address=x.x.10.240 disabled=yes list=pabx
add address=x.x.10.60 list=pabx
add address=x.x.177.0/24 list=voip
add address=x.x.130.195 list=Amazon
add address=x.x.10.105 disabled=yes list=256kOut
add address=x.x.10.70-x.x.10.96 list=Limited
add address=x.x.10.17 disabled=yes list=Limited
add address=x.x10.105 list=Limited
/ip firewall filter
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Port scanners to list " \
protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" \
src-address-list="port scanners"
add action=drop chain=forward comment="Drop invalid traffic" \
connection-state=invalid log=yes log-prefix=INV_CON_STAT
/ip firewall mangle
add action=mark-packet chain=prerouting comment=";;;; Inbound Marking" \
in-interface=all-ppp new-packet-mark=icmp-dn passthrough=yes protocol=\
icmp
add action=mark-packet chain=prerouting in-interface=all-ppp new-packet-mark=\
http-dn passthrough=yes protocol=tcp src-port=80,8080
add action=mark-packet chain=prerouting in-interface=all-ppp new-packet-mark=\
mail-in passthrough=yes protocol=tcp src-port=465,110,143,993,995,585
add action=mark-packet chain=prerouting in-interface=all-ppp new-packet-mark=\
https-dn passthrough=yes protocol=tcp src-port=443
add action=mark-packet chain=prerouting connection-bytes=100000000-0 \
in-interface=all-ppp new-packet-mark=https_big_dn passthrough=yes \
protocol=tcp src-port=443,80
add action=mark-packet chain=prerouting dst-port=8291 in-interface=all-ppp \
new-packet-mark=winbox-dn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting comment="Voip inbound" in-interface=\
all-ppp new-packet-mark=sip-in passthrough=yes src-address-list=voip
add action=mark-packet chain=prerouting comment="Voip inbound" in-interface=\
all-ppp new-packet-mark=sip-in passthrough=yes protocol=tcp src-port=5060
add action=mark-packet chain=prerouting comment="Voip inbound" in-interface=\
all-ppp new-packet-mark=sip-in passthrough=yes protocol=udp src-port=\
5060,10000-20000
add action=mark-packet chain=prerouting comment="PABX inbound" in-interface=\
all-ppp new-packet-mark=sip-in passthrough=yes src-address-list=pabx
add action=mark-packet chain=prerouting comment="Rest inbound" in-interface=\
all-ppp new-packet-mark=rest-in packet-mark=no-mark passthrough=yes
add action=mark-packet chain=postrouting comment=";;;; Outbound Marking" \
new-packet-mark=winbox-up out-interface=all-ppp passthrough=yes protocol=\
tcp src-port=8291
add action=mark-packet chain=postrouting comment="256k outbound" \
new-packet-mark=256k-out out-interface=all-ppp passthrough=no \
src-address-list=Limited
add action=mark-packet chain=postrouting comment="Limited outbound" \
new-packet-mark=256k-out out-interface=all-ppp passthrough=no \
src-address-list=256kOut
add action=mark-packet chain=postrouting new-packet-mark=icmp-up \
out-interface=all-ppp passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting dst-port=443 new-packet-mark=\
https_up out-interface=all-ppp passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting connection-bytes=100000000-0 \
dst-port=443,80 new-packet-mark=https_big_up out-interface=all-ppp \
passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting dst-port=8080,80 new-packet-mark=\
http_up out-interface=all-ppp passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting dst-port=25,587,2525,465 \
new-packet-mark=mail-out passthrough=yes protocol=tcp
add action=mark-packet chain=postrouting dst-port=5060 new-packet-mark=\
sip-out out-interface=all-ppp passthrough=yes protocol=udp \
src-address-list=pabx
add action=mark-packet chain=postrouting dst-port=10000-20000 \
new-packet-mark=sip-out out-interface=all-ppp passthrough=yes protocol=\
udp src-address-list=pabx
add action=mark-packet chain=postrouting dst-port=10000-20000 \
new-packet-mark=sip-out out-interface=all-ppp passthrough=yes port="" \
protocol=tcp src-address-list=pabx
add action=mark-packet chain=postrouting new-packet-mark=sip-out \
out-interface=all-ppp passthrough=yes src-address-list=pabx
add action=mark-packet chain=prerouting connection-type=sip new-packet-mark=\
sip-out passthrough=yes src-address-list=pabx
add action=mark-packet chain=postrouting comment="Rest outbound" \
new-packet-mark=rest-out out-interface=all-ppp packet-mark=no-mark \
passthrough=yes
add action=add-src-to-address-list address-list=Mail_spam \
address-list-timeout=none-dynamic chain=prerouting disabled=yes \
dst-address=x.x.5.4 dst-port=25 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=all-ppp
add action=dst-nat chain=dstnat disabled=yes dst-port=5060-5061 in-interface=\
all-ppp protocol=tcp to-addresses=x.x.10.60 to-ports=5060-5061
add action=dst-nat chain=dstnat disabled=yes dst-port=5060-5061 in-interface=\
all-ppp protocol=udp to-addresses=x.x.10.60 to-ports=5060-5061
add action=dst-nat chain=dstnat disabled=yes dst-port=10000-11000 \
in-interface=all-ppp protocol=udp to-addresses=x.x.10.60 to-ports=\
10000-11000
add action=dst-nat chain=dstnat disabled=yes dst-port=50000 in-interface=\
all-ppp protocol=tcp to-addresses=x.x.10.60 to-ports=50000
add action=dst-nat chain=dstnat disabled=yes dst-port=50000 in-interface=\
all-ppp protocol=udp to-addresses=x.x.10.60 to-ports=50000
add action=dst-nat chain=dstnat disabled=yes dst-port=52999 in-interface=\
all-ppp protocol=udp to-addresses=x.x.10.60 to-ports=52999
add action=dst-nat chain=dstnat disabled=yes dst-port=52999 in-interface=\
all-ppp protocol=tcp to-addresses=x.x.10.60 to-ports=52999
add action=dst-nat chain=dstnat disabled=yes dst-port=0-65535 in-interface=\
all-ppp log=yes log-prefix="pbx tcp" protocol=tcp to-addresses=x.x.10.60 \
to-ports=0-65535
add action=dst-nat chain=dstnat comment="Enable from here" disabled=yes \
dst-port=80,8080,443,8089 in-interface=all-ppp log-prefix="pbx tcp" \
protocol=tcp to-addresses=x.x.10.60 to-ports=0-65535
add action=dst-nat chain=dstnat disabled=yes dst-port=10-65535 in-interface=\
all-ppp log-prefix=pbxudp protocol=udp to-addresses=x.x.10.60 to-ports=\
10-65535
add action=dst-nat chain=dstnat disabled=yes dst-port=9 in-interface=all-ppp \
log-prefix=teamv-udp protocol=udp to-addresses=x.x.10.20 to-ports=9
add action=dst-nat chain=dstnat disabled=yes dst-port=10-8290 in-interface=\
all-ppp log-prefix=pbxudp protocol=tcp to-addresses=x.x.10.60 to-ports=\
10-8290
add action=dst-nat chain=dstnat disabled=yes dst-port=9 in-interface=all-ppp \
log-prefix=teamv-tcp protocol=tcp to-addresses=x.x.10.20 to-ports=9
add action=dst-nat chain=dstnat disabled=yes dst-port=8293-65535 \
in-interface=all-ppp log-prefix=pbxudp protocol=tcp to-addresses=\
x.x.10.60 to-ports=8293-65535
add action=dst-nat chain=dstnat disabled=yes dst-port=3389 in-interface=\
all-ppp log-prefix=RDP protocol=tcp to-addresses=x.x.10.17 to-ports=3389
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
/ip route
add check-gateway=ping comment=ISP distance=1 gateway=pppoe-out-andrew
add check-gateway=ping distance=4 gateway=x.x.10.56
add distance=1 dst-address=x.x.0.253/32 gateway=pppoe-out-andrew
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set winbox address=x.x.x.x/21,x.x.x.x/24
/ip ssh
set allow-none-crypto=yes forwarding-enabled=remote
/ip upnp interfaces
add interface=br0 type=internal
add interface=pppoe-out-andrew type=external
/system clock
set time-zone-name=Africa/Johannesburg
/system identity
set name=Platsak-Breakout
/system ntp client
set enabled=yes primary-ntp=45.222.43.250
/system routerboard settings
set cpu-frequency=750MHz
/system script
add dont-require-permissions=no name=bandwidth_test owner=admin policy=\
ftp,read,write,test,sniff,sensitive source="#HTTP testing implementation v\
3\r\
\n#Written By Omega-00 - December 2010\r\
\n \r\
\n#user editable values\r\
\n:local server \"www.is.co.za\"\r\
\n:local file \"/Pages/default.aspx\"\r\
\n#Recommend not running any more than 500 for RB1000/1100/800\r\
\n:local iterations 4\r\
\n#amount of time to run script for in seconds\r\
\n:local time 30\r\
\n \r\
\n### End of user editable values ###\r\
\n:local counter\r\
\n \r\
\n:for counter from=1 to=\$iterations do={\r\
\n/system scheduler add interval=1s start-time=startup name=\"load-test-\$\
counter\" on-event=\"/tool fetch keep-result=no mode=http address=\$server\
\_host=\$server src-path=\\\"\$file\\\"; /tool fetch keep-result=no mode=h\
ttp address=\$server host=\$server src-path=\\\"\$file\\\";\""
/system watchdog
set auto-send-supout=yes send-email-from=mailrelay@gmail.com \
send-email-to=xxx@gmail.com send-smtp-server=1.1.1.1 \
watch-address=x.x.x.x
/tool e-mail
set address=154.0.165.48 from=mailrelay@xxx.co.za password=xxxxxxxx \
port=587 user=mailrelay@xxx.co.za
/tool graphing interface
add interface=pppoe-out-andrew
/tool netwatch
add down-script="/ip route set [/ip route find where comment=\"xxx1\"] distance\
=8\
\n{\
\n:local subject \"ALERT: Main internet Down! Failed over to 3G: Sent from\
\_PlatsakRouter \$[/system identity get name] router at \$[/system clock g\
et date] \$[/system clock get time]\";\
\n\
\n/tool e-mail send to=\"xxx@icloud.com\" subject=\"\$subject\"\
\_body=\"\$subject\"\
\n\
\n/tool e-mail send to=\"xxx@gmail.com\" subject=\"\$subject\" body\
=\"\$subject\"}" host=x.x.x.x timeout=6s up-script="/ip route set [/ip \
route find where comment=\"xxx\"] distance=1\
\n{\
\n:local subject \"ALERT: Main internet Restored: Sent from XXXRouter \
\$[/system identity get name] router at \$[/system clock get date] \$[/sys\
tem clock get time]\";\
\n\
\n/tool e-mail send to=\"xxx@icloud.com\" subject=\"\$subject\"\
\_body=\"\$subject\"\
\n\
\n/tool e-mail send to=\"xxx@gmail.com\" subject=\"\$subject\" body\
=\"\$subject\"}"

Thank you,


Justin

Who is online

Users browsing this forum: No registered users and 73 guests