Community discussions

MUM Europe 2020
 
rini
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 76
Joined: Wed Sep 22, 2010 1:28 am

UNKNOWN BANDWIDTH

Mon Jul 15, 2013 1:53 pm

Hello.
the past three days i see in my RB1100AHx2 an unknown bandwidth in upload.
ether10 is my input interface. I have 4 interface for my customers with pppoe server. For authentication a radius manager in ether8.

look at the pic.

where is this "traffic" coming from ???? I cant open my routerboard in winbox where the cpu is 70%.
ISP problem ???
You do not have the required permissions to view the files attached to this post.
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1122
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: UNKNOWN BANDWIDTH

Mon Jul 15, 2013 1:57 pm

How is your input firewall chain looking like? Post "/ip firewall filter export compact"

Someone is probably using your router as a web/dns proxy.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
 
rini
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 76
Joined: Wed Sep 22, 2010 1:28 am

Re: UNKNOWN BANDWIDTH

Mon Jul 15, 2013 2:14 pm

How is your input firewall chain looking like? Post "/ip firewall filter export compact"

Someone is probably using your router as a web/dns proxy.

/export compact
# jul/15/2013 13:20:07 by RouterOS 6.1
# software id =
/interface pppoe-client
add disabled=no interface=ether10 name=PPPOE-CLIENT password=XXXX user=\
YYY
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
mac-cookie-timeout=3d
/ip pool
add name=pppoe ranges=10.10.0.2-10.10.1.254
/port
set 0 name=serial0
set 1 name=serial1
/interface pppoe-server server
add authentication=pap default-profile=pppoe disabled=no interface=ether6 \
one-session-per-host=yes
add authentication=pap default-profile=pppoe disabled=no interface=\
ether2 one-session-per-host=yes
add authentication=pap default-profile=pppoe disabled=no interface=ether4 \
one-session-per-host=yes
add authentication=pap default-profile=pppoe disabled=no interface=ether5 \
one-session-per-host=yes
/interface pptp-server server
set enabled=yes
/ip address
add address=10.3.3.1/24 interface=ether8 network=10.3.3.0
/ip dns
set allow-remote-requests=yes servers=X.X.X.X,Y.Y.Y.Y
/ip firewall nat
add action=masquerade chain=srcnat src-address=10.10.0.0/16
add action=masquerade chain=srcnat src-address=10.3.3.10
/ip route
add distance=1 gateway=XXX.XXX.XXX.XXX
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes

/radius
add address=10.3.3.10 secret=XXX service=ppp
/radius incoming
set accept=yes port=1700
/system clock
set time-zone-name=Europe
/system identity
set name=RouterOS
/system logging
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
add disabled=yes topics=pppoe
/system ntp client
set enabled=yes mode=unicast primary-ntp=37.247.48.64 secondary-ntp=2.228.72.62
/system routerboard settings
set cpu-frequency=1333MHz
/tool graphing interface
add interface=PPPOE-CLIENT
 
User avatar
tomaskir
Trainer
Trainer
Posts: 1122
Joined: Sat Sep 24, 2011 2:32 pm
Location: Slovakia

Re: UNKNOWN BANDWIDTH

Mon Jul 15, 2013 5:45 pm

There is the answer, you dont have any firewall at all.
Since you have "/ip dns set allow-remote-requests=yes" someone is using your router as a DNS proxy.

Secure your router in the firewall input chain.
Unimus - configuration management, automation and backup solution
Mass Config Push, network-wide RouterOS upgrades, and more!
 
rini
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 76
Joined: Wed Sep 22, 2010 1:28 am

Re: UNKNOWN BANDWIDTH

Tue Jul 16, 2013 12:10 am

There is the answer, you dont have any firewall at all.
Since you have "/ip dns set allow-remote-requests=yes" someone is using your router as a DNS proxy.

Secure your router in the firewall input chain.

can you post the configuration???
or a example ??
 
rini
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 76
Joined: Wed Sep 22, 2010 1:28 am

Re: UNKNOWN BANDWIDTH

Tue Jul 16, 2013 12:15 am

There is the answer, you dont have any firewall at all.
Since you have "/ip dns set allow-remote-requests=yes" someone is using your router as a DNS proxy.

Secure your router in the firewall input chain.

can you post the configuration???
or a example ??

thank you. i follow this topic and the traffic is no more. http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter
protect your router

Who is online

Users browsing this forum: eworm, PhilipJFry and 85 guests