Community discussions

 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Parasite Upload Bandwidth

Wed Aug 27, 2008 1:11 pm

Hello!

I have upload bandwidth activity full from my router to internet.
I see that the source IP is 209.249.222.27/32 (erotic site) port 53(dns) destination my LAN IPs on different ports (IPs of computers connected to LAN interface).
Different port for each IP.

Please, what configuration I can do for dropping and not accepting any connections from/to this IP.
What may it is?

Thank you in advace for your help!

Bledar
indriti_@hotamil.com
Regards.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Parasite Upload Bandwidth

Wed Aug 27, 2008 1:15 pm

I suggest you to protect your router and network as described here in the first few articles:
http://wiki.mikrotik.com/wiki/Firewall
No answer to your question? How to write posts
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Wed Aug 27, 2008 1:32 pm

OK. Tank You for your reply. I will read with attention those articles.
But please, what config I must do on firewall for blockin that activity on fastest way?
Regards.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Parasite Upload Bandwidth

Wed Aug 27, 2008 1:41 pm

/ip firewall filter add chain=forward src-address=209.249.222.27 action=drop 
/ip firewall filter add chain=forward dst-address=209.249.222.27 action=drop
No answer to your question? How to write posts
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Wed Aug 27, 2008 2:26 pm

Thank you Normis!

For my info, what was that?
Regards.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Parasite Upload Bandwidth

Wed Aug 27, 2008 2:43 pm

I have no idea what it was, I just told you how to block all access to/from that address
No answer to your question? How to write posts
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Thu Aug 28, 2008 4:41 pm

Hello!

The "attack" still continue. But now with 2 other IPs, 64.125.23.254 & 209.249.222.45. Even from port 80 of these 2 new IPs.
I tried to block these new IPs with firewall rules but no result.

/ip firewall filter add chain=forward src-address=64.125.23.254 action=drop
/ip firewall filter add chain=forward dst-address=64.125.23.254 action=drop

ip firewall filter add chain=forward src-address=209.249.222.45 action=drop
/ip firewall filter add chain=forward dst-address=209.249.222.45 action=drop


Please, what other can I do for blocking these upload?
Why these rules does not work with my MKT Firewall for these 2 new IPs?



Thank You for your help!
Regards.
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Fri Aug 29, 2008 10:58 am

Hello!

May any one help me to resolve this problem?
I will really appreciate your help.
Regards.
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Fri Aug 29, 2008 3:05 pm

No on know how to block these 2 ips ?
Regards.
 
proggams2
Member Candidate
Member Candidate
Posts: 140
Joined: Wed Mar 14, 2007 10:15 pm

Re: Parasite Upload Bandwidth

Mon Sep 01, 2008 11:52 pm

No matter what you do the drop rules wont make any effect. It's going for 2.3 Megabits / second so it's not fast enought to drop all the data.
But what i know about this upload thing, is that u have a file called suhhost.exe in c:\windows\system 32\ which is starting with windows also i dont know what does it do. but if u delete it; it will work. first u have to end it's process suhhost.exe from the taskmanager and then u have to delete the file. Watch in mikrotik how the upload stops when u end its process from the taskmanager. If u want a good antivirus , use kaspersky it will detect it.
Tell me what will come with you.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Parasite Upload Bandwidth

Tue Sep 02, 2008 10:54 am

clean your PC from viruses maybe?
No answer to your question? How to write posts
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Wed Sep 03, 2008 9:00 pm

Thank You for replies.

Mu PCs are protected with clean slate. When I do a restart the computer goes on the state that I left when I activated Clean Slate.
So, a little bit possibilities are that the PCs might be infected.

Its bean about 3 days that I see no upload traffic toward those IPs.

My question is: Why mikrotik does not blocked dropped upload traffic toward these IP before.

Thank You
Regards.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Parasite Upload Bandwidth

Thu Sep 04, 2008 12:46 pm

probably they are random IPs, when you block one, it goes to another.
No answer to your question? How to write posts
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Thu Sep 04, 2008 5:33 pm

But I tried to block X ip and still I see traffic toward that IP.

How is it possible?
Regards.
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Parasite Upload Bandwidth

Thu Sep 04, 2008 10:18 pm

One thing would be to find the local IP the packets are coming/going from/to... Then check if it's a real traffic (disconnect those machines). Then check the machines for any spyware, ad-aware etc.
--Do you remember that guy who gave up? Neither does anybody else!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24268
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Parasite Upload Bandwidth

Fri Sep 05, 2008 11:08 am

remember that the rule could be effective only after traffic interrupts. ie. reboot the router or disable/enable interface.
No answer to your question? How to write posts
 
bledar
Member Candidate
Member Candidate
Topic Author
Posts: 234
Joined: Mon Nov 26, 2007 11:44 am
Location: Tirana/Albania

Re: Parasite Upload Bandwidth

Sun Sep 07, 2008 11:46 am

I did it so but no results.

Maybe the latest mikrotik version works better regarding firewall rules???
Regards.
 
GuJack20
Trainer
Trainer
Posts: 322
Joined: Sat Jun 12, 2004 9:44 pm
Location: Tirana
Contact:

Re: Parasite Upload Bandwidth

Mon Sep 08, 2008 10:19 pm

What version are you using??
--Do you remember that guy who gave up? Neither does anybody else!

Who is online

Users browsing this forum: MSN [Bot] and 114 guests