Community discussions

MUM Europe 2020
 
ven16
newbie
Topic Author
Posts: 36
Joined: Tue Mar 26, 2013 5:35 pm

un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 7:20 am

hi,

i have a problem with my router board
it is using 100% and showing un-Idntified traffic on interfaces
below Fig: do not has LAN traffic but it showing 7.5 Mbps on WAN side
Capture.JPG
can somone please help me.

thank you,

ven
You do not have the required permissions to view the files attached to this post.
 
deejayq
Member Candidate
Member Candidate
Posts: 195
Joined: Wed Feb 23, 2011 8:33 am

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 8:34 am

torch on wan interface or go to ip firewall connections
what do you see?
 
rufee
newbie
Posts: 27
Joined: Mon Dec 10, 2012 2:41 pm

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 1:01 pm

Disable "allow remote requests" in DNS settings, had the same issue with my 2011 after i ran cpu profile i found out that DNS was using the whole cpu.
MTCNA
 
CelticComms
Forum Guru
Forum Guru
Posts: 1766
Joined: Wed May 02, 2012 5:48 am

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 2:22 pm

Using Torch on the interface will give more information about the traffic and what the source is.
Interlynx | Networking and Information Security Consultants & Trainers | Email: routerlynx@gmail.com
BGP | EIGRP | OSPF | MPLS | Firewall | VPN | IPsec | Multicast | QOS | IPv4/6 | STP | VLAN | PON | AE | M2M | and more!

 
ven16
newbie
Topic Author
Posts: 36
Joined: Tue Mar 26, 2013 5:35 pm

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 5:42 pm

Hi,

here is my torch on WAN interface and one IP Address using all bandwidth 146.185.142.174
can some please help me here
Untitled.png
thank you

ven
You do not have the required permissions to view the files attached to this post.
 
mjperry82
just joined
Posts: 15
Joined: Wed Feb 06, 2013 11:02 pm

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 7:20 pm

It would help if you could run torch again with protocol and port checked so that we can see what kind of traffic it is.
 
ven16
newbie
Topic Author
Posts: 36
Joined: Tue Mar 26, 2013 5:35 pm

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 8:18 pm

Hi,
now I can not see that IP which I mentioned in previous slide.
but I can see some other IP addresses.
I am attaching screen shots below
torch.JPG
torch2.JPG
thank you,
ven
You do not have the required permissions to view the files attached to this post.
 
XTX
newbie
Posts: 26
Joined: Sat Jun 04, 2011 4:34 pm

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 8:40 pm

Hi

Try what "rufee" suggested...
 
mjperry82
just joined
Posts: 15
Joined: Wed Feb 06, 2013 11:02 pm

Re: un-idntified traffic and CPU at 100% RB450G

Mon Sep 30, 2013 10:02 pm

Hi

Try what "rufee" suggested...
And you probably want to add some firewall filter rules to protect your WAN interface.
 
wpeople
Member
Member
Posts: 352
Joined: Sat May 26, 2007 6:36 pm

Re: un-idntified traffic and CPU at 100% RB450G

Tue Oct 01, 2013 10:27 pm

i also see such issue on customer routers. My solutions was:
1) create an access list for used DNS servers
2) create a firewall rule to drop all incoming packets what's targetting udp/53 and NOT originated from src-address-list=dns-servers and coming from WAN interface.

however i would welcome a solution from Mikrotik what allows to configure local DNS service access like other IP services:
offer a list of allowed hosts/subnets.

Who is online

Users browsing this forum: No registered users and 66 guests