
IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 8:50 pm
by jfvelamoscoso
I am seeing in Torch a lot of upload traffic to these IPs:

31.6.71.253
31.6.71.254

But there is no user behind this router; it looks like the router is uploading this information.

Does anyone know what service is uploading, or why this is?

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:05 pm
by pukkita
Do you have assigned IPs in that range? To which ports does the traffic go? It's probably either network (port) probing or scanning; maybe your ISP has set routing improperly.

BTW there's a typo in your sig, guess you meant MTCTCE :D

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:06 pm
by jfvelamoscoso
I also found these IPs



Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:08 pm
by jfvelamoscoso
These IPs are found in the source address, and the destination is the router.

In ip firewall connections.

I can find different source ports, but the destination port is always the same: 53. This traffic is unexpected because, as I said, there is no host behind the router. It looks like the router is uploading all of this traffic.

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:10 pm
by pukkita
Could you post a screenshot from ip > firewall > connections?

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:11 pm
by jfvelamoscoso
I forgot to mention that the traffic is more than 3 Mbps, which is too much for DNS.

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:15 pm
by chechito
Research the IP:

www.ip2location.com

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:25 pm
by pukkita
chechito: it varies from day to day... this morning they were Russian IPs, right now they are Turkish, later they may be Chinese IPs...

If your router is really exposed to the Internet (i.e. not an ADSL or FTTH line), a good firewall that adds "probing" or port scanning source IPs to dynamic address lists for further firewall drop is mandatory.

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:35 pm
by jfvelamoscoso
I found the problem. My router was being used as a DNS server and it has allowed requests activated.
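
The fix described in the post above, as an added example that is not part of the original thread: RouterOS commands to check the DNS setting, stop the router answering DNS from the Internet, and record which sources were querying it. The WAN interface name `ether1` and the address-list name `wan-dns-sources` are assumptions; substitute your own.

```routeros
# Added example, not from the thread.
# Assumptions: ether1 is the Internet-facing interface,
# "wan-dns-sources" is an arbitrary address-list name.

# 1. Check whether the router answers DNS for remote clients.
#    Look for "allow-remote-requests: yes" in the output.
/ip dns print

# 2a. If no LAN client uses the router as its resolver, switch it off.
/ip dns set allow-remote-requests=no

# 2b. If LAN clients do use it, leave the setting on and block DNS
#     arriving on the WAN instead. The first rule only records the
#     source for one day; processing continues to the drop rules.
#     These rules must sit above any rule that accepts input from the WAN.
/ip firewall filter
add chain=input in-interface=ether1 protocol=udp dst-port=53 \
    action=add-src-to-address-list address-list=wan-dns-sources \
    address-list-timeout=1d comment="record WAN DNS sources"
add chain=input in-interface=ether1 protocol=udp dst-port=53 \
    action=drop comment="drop WAN DNS (udp)"
add chain=input in-interface=ether1 protocol=tcp dst-port=53 \
    action=drop comment="drop WAN DNS (tcp)"

# 3. Verify: the drop rules' counters should climb, and new entries
#    towards port 53 should stop appearing in connection tracking.
/ip firewall filter print stats
/ip firewall connection print where dst-address~":53"
/ip firewall address-list print where list=wan-dns-sources
```

After the change, Torch on the WAN interface should no longer show sustained upload on port 53.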

Re: IP 31.6.71.253 & 31.6.71.254

Posted: Wed May 20, 2015 9:52 pm
by chechito