Hi All,
May not be related, but 6 hours ago in the middle of the night I noticed with my graphs that the CPU was nailed at 100%.
I ran a Profile (under Tools) and the DNS process is using 72% CPU.
I checked DNS settings and the tick box for allow remote requests was checked as on, not sure why. I unchecked the setting and the traffic ceased; DNS process CPU usage dropped to 0%.
It does look like my router was participating in some form of DNS reflector DDoS; there is no sign of entry, nothing in the logs (which I keep on a separate server) to show any form of intrusion.
It seemed to be generating 40Mbit of outbound WAN traffic (filling the upstream channel on my 100Mbit/40Mbit fibre service).
Is this a possible attack vector? I've never seen this happen prior to upgrading to RouterOS 7.8
Platform: RB3011iUAS-RM
RouterOS: 7.8 stable
Kind Regards,
Jim
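
Added example, not part of Jim's post or of MikroTik's documentation: a RouterOS configuration sketch for the setting described above, showing the resolver state check and two ways to keep the router from answering DNS queries that arrive from the internet. It assumes an interface list named `WAN` contains the uplink interface; the rule comments are made up for this example.

```routeros
# Added example. Assumption: the interface list "WAN" holds the uplink.

# 1. Inspect the resolver. allow-remote-requests=yes means the router
#    answers DNS queries from other hosts on every interface the
#    firewall input chain lets through, including the WAN side.
/ip dns print

# 2. Choose ONE of the two options below.

# Option A: LAN clients do not use the router as their resolver.
#           Turn the service off (the tick box from the post).
/ip dns set allow-remote-requests=no

# Option B: LAN clients do use the router as their resolver.
#           Keep the service on and drop DNS that arrives from the WAN.
#           These rules must sit above any accept rule in the input
#           chain that would match the same packets.
/ip dns set allow-remote-requests=yes
/ip firewall filter add chain=input in-interface-list=WAN protocol=udp \
    dst-port=53 action=drop comment="drop DNS queries from WAN (udp)"
/ip firewall filter add chain=input in-interface-list=WAN protocol=tcp \
    dst-port=53 action=drop comment="drop DNS queries from WAN (tcp)"

# 3. Verify. With option B the packet counters on the two drop rules
#    increase while outside queries are still arriving, and the DNS
#    process should no longer dominate the CPU profile.
/ip firewall filter print stats where comment~"drop DNS queries from WAN"
```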