I have set up some "blackhole" rules on one of my MikroTik routers. However, it doesn't seem to be working correctly. I have it set up so it adds the src-address to an address list called "blackhole" if there is any traffic to a specific dst-address (i.e. 192.168.1.45). Then I have another rule to drop all packets in the address list "blackhole".
The problem we are seeing is that a lot of places like Google, Yahoo mail, etc. are getting added to the blackhole list, usually within an hour of having the rule set up.
Here are the two rules:
     7 X ;;; Drop blackhole IP's
         chain=forward src-address-list=blackhole action=drop
     8 X chain=forward in-interface=ether1 src-address=!69.20.128.0/18
         dst-address=192.168.1.45 action=add-src-to-address-list
         address-list=blackhole address-list-timeout=1d
I was previously doing this same thing with an ETINC bandwidth manager box and never had problems of "false positives" from any locations (with it running for over a year).
Any help would be appreciated.
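
The following is an added example, not part of the original post. It shows the posted rule 8 beside a variant that only lists sources opening a new connection toward 192.168.1.45. It assumes 192.168.1.45 is a live host that makes its own outbound connections, so that replies from sites such as Google or Yahoo mail are forwarded back to it through ether1.

```routeros
/ip firewall filter

# Rule 8 as posted. It matches every forwarded packet arriving on ether1
# with destination 192.168.1.45. Reply packets of connections that
# 192.168.1.45 opened itself (web, mail) also carry that destination,
# so the remote servers get added to "blackhole".
add chain=forward in-interface=ether1 src-address=!69.20.128.0/18 \
    dst-address=192.168.1.45 action=add-src-to-address-list \
    address-list=blackhole address-list-timeout=1d disabled=yes

# Variant (added here): connection-state=new restricts the match to the
# first packet of a connection started from outside. Replies belong to
# an established connection and no longer populate the list.
# Connection tracking must be enabled for connection-state to match.
add chain=forward in-interface=ether1 connection-state=new \
    src-address=!69.20.128.0/18 dst-address=192.168.1.45 \
    action=add-src-to-address-list address-list=blackhole \
    address-list-timeout=1d \
    comment="List only unsolicited sources"

# Drop rule as posted. Rules are evaluated top to bottom and
# add-src-to-address-list passes the packet on, so placing the drop
# after the listing rule also drops the packet that triggered the listing.
add chain=forward src-address-list=blackhole action=drop \
    comment="Drop blackhole IP's"
```

Entries added while the original rule was active stay in the list until their one-day timeout expires; `/ip firewall address-list print where list=blackhole` shows what is currently listed.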