Community discussions

MikroTik App
  4. RouterOS
  5. General

How can i stop such traffic

Post Reply
 
hzeid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Tue Oct 12, 2004 11:57 am
Location: Lebanon

How can i stop such traffic

Tue Nov 22, 2005 8:26 pm

Image


how can i block this traffic to dst. port 445
Last edited by hzeid on Wed Nov 23, 2005 10:13 am, edited 1 time in total.
Top
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:
Contact sergejs

Tue Nov 22, 2005 10:50 pm

use this rule for router users:
'ip firewall filter add action=drop chain=forward dst-port=445 protocol=tcp'
Top
 
hzeid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Tue Oct 12, 2004 11:57 am
Location: Lebanon

Wed Nov 23, 2005 10:17 am

well i have thi rule but i still when i dotorch i see such traffic on that ip. also i user arp reply-only and when i disable the mac address of that ip in the arp list i still see this upload traffic also i have limits through pcq to the costumers and this ip have a limit of 32kbit upload but i see about 64 to 80 kbits traffic from this user. how could i solve this problem
Top
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:
Contact sergejs

Wed Nov 23, 2005 10:32 am

your first question was about dropping 445 port, check if there no accept rule before drop one.

give more information about queue configuration!
Top
 
pedja
Long time Member
Long time Member
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

Wed Nov 23, 2005 7:32 pm

I think Torch shows even dropped connections. Set rule to write to log and check in log if it actualy works.
Top
 
hzeid
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Tue Oct 12, 2004 11:57 am
Location: Lebanon

Thu Nov 24, 2005 4:15 pm

well in the log i see the packet being dropped. but in the torch i still see this traffic. could this affect other costumers.the problem is even i blocked his mac addess in the arp i still see this upload traffic while the down traffic is 0
Top
 
pedja
Long time Member
Long time Member
Posts: 684
Joined: Sat Feb 26, 2005 5:37 am

Thu Nov 24, 2005 6:48 pm

Wel, if log says its dropped it is dropped.I also find it rather confusing that Torch and some other tools still show such connections.
Top
 
sten
Forum Veteran
Forum Veteran
Posts: 923
Joined: Tue Jun 01, 2004 12:10 pm

Mon Nov 28, 2005 3:20 pm

well in the log i see the packet being dropped. but in the torch i still see this traffic. could this affect other costumers.the problem is even i blocked his mac addess in the arp i still see this upload traffic while the down traffic is 0
'

Torch intercepts traffic before it is denied.
Regarding ARP, you didnt block anything. You just stopped your router from resolving his mac address. It could potentially prevent him from download although that is fairly simple to go around. He will stop uploading when you block the undesired traffic on his side of the link.
Top
Post Reply

Who is online

Users browsing this forum: baragoon, Bing [Bot], rewik23772 and 46 guests
  4. RouterOS
  5. General