Hello,

I'm not sure the exact question I'm trying to ask but here it goes.

Is there some filtering that identifies bot-net type activity, or even spam activity? I nat all IPs in the subnet and am wondering if there is a procedure in the mikrotik that allows you to map internally all IPs so you can track down using timestamps, etc., or who's IP it is that is giving me these issues? I am being notified by our Fibre provider but all they can tell is it's from the IP of the Mikrotik, not the exact offender. I appreciate any help and please ask if you have any questions.

James

Watch the connections table in the firewall for IPs that build lots of outbound connections to tcp/25.