jimmer
just joined
Topic Author
Posts: 19
Joined: Wed Mar 06, 2019 10:06 am
Location: Tasmania, Australia

Issue with DNS Process generating outbound traffic on MikroTik RouterOS 7.8

Tue Mar 28, 2023 12:36 am

Hi All,

May not be related, but 6 hours ago in the middle of the night I noticed with my graphs that the CPU was nailed at 100%.

I ran a Profile (under Tools) and the DNS process was using 72% CPU.
I checked the DNS settings and the tick box for "Allow Remote Requests" was checked as on, not sure why. I unchecked the setting and the traffic ceased; DNS process CPU usage dropped to 0%.

It does look like my router was participating in some form of DNS reflector DDoS. There is no sign of entry and nothing in the logs (which I keep on a separate server) to show any form of intrusion.
It seemed to be generating 40Mbit of outbound WAN traffic (filling the upstream channel on my 100Mbit/40Mbit fibre service).

Is this a possible attack vector? I've never seen this happen prior to upgrading to RouterOS 7.8

Platform: RB3011iUAS-RM
RouterOS: 7.8 stable


Kind Regards,
Jim
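
An added example, not part of the original post: RouterOS terminal commands for checking the setting Jim describes and for keeping the resolver reachable from the LAN only. It assumes an interface list named `WAN` that contains the upstream interface; adjust the name to match your own configuration.

```routeros
# Show the resolver settings. "allow-remote-requests: yes" means the router
# answers DNS queries arriving on any interface the firewall lets through.
/ip dns print

# Option 1: LAN clients do not use the router as their resolver.
# Turn the listener off entirely (what unchecking the tick box does).
/ip dns set allow-remote-requests=no

# Option 2: LAN clients do use the router as their resolver.
# Leave allow-remote-requests=yes and drop DNS arriving from the WAN side.
# "WAN" is an assumed interface-list name, not taken from the post.
# These rules must sit above any rule that accepts input from the WAN,
# because "add" appends to the end of the chain.
/ip firewall filter
add chain=input in-interface-list=WAN protocol=udp dst-port=53 action=drop comment="drop DNS from WAN (udp)"
add chain=input in-interface-list=WAN protocol=tcp dst-port=53 action=drop comment="drop DNS from WAN (tcp)"

# Check the packet and byte counters on the new rules. Counters that keep
# climbing show that outside hosts are still sending queries to the router.
/ip firewall filter print stats where comment~"drop DNS from WAN"

# Re-run the profiler that showed the DNS process at high CPU.
/tool profile duration=10s
```

With either option in place, the drop-rule counters and the WAN upload graph are the two things to watch: queries from outside may continue to arrive, but the router no longer sends responses to them.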
