Community discussions

 
Hammer
newbie
Topic Author
Posts: 40
Joined: Sat Sep 20, 2014 6:39 am

Unidentified IP Traffic(see video)

Thu May 21, 2015 1:41 am

I realized that I have very bad ping in games. I disconnected all the cables and the WLAN to see whether another device was responsible. Then I saw on the MikroTik that I have high traffic. What can that be?

Device: RB2011UiAS-2HnD
FW: 6.28
ISP: Cable Modem (GIB-Solutions AG, Switzerland)
 
Hammer
newbie
Topic Author
Posts: 40
Joined: Sat Sep 20, 2014 6:39 am

Re: Unidentified IP Traffic(see video)

Thu May 21, 2015 1:51 am

OMG, I had activated Allow Remote Requests under DNS Settings!
 
chechito
Forum Guru
Posts: 3135
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia

Re: Unidentified IP Traffic(see video)

Thu May 21, 2015 2:14 am

DNS amplification attack exploiting MikroTik open DNS on the external interface.
 
Ansy
Frequent Visitor
Posts: 72
Joined: Mon Oct 17, 2011 1:32 pm
Location: Russia

Re: Unidentified IP Traffic(see video)

Mon Aug 03, 2015 11:27 am

That's UDP/53 traffic -- mainly a DNS Amplification Attack on victim host 212.35.2.113.

MikroTik, please make the option IP - DNS - Allow remote requests turned OFF by default.

I have already seen a 3rd case of this attack on our customers' just-installed RouterBoards.
All of them have real IP addresses, and they often do not even see that kind of traffic, but they hurt our WISP network.
 
normis
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Unidentified IP Traffic(see video)

Mon Aug 03, 2015 11:36 am

> That's UDP/53 traffic -- mainly a DNS Amplification Attack on victim host 212.35.2.113.
>
> MikroTik, please make the option IP - DNS - Allow remote requests turned OFF by default.
>
> I have already seen a 3rd case of this attack on our customers' just-installed RouterBoards.
> All of them have real IP addresses, and they often do not even see that kind of traffic, but they hurt our WISP network.

It is off by default, if you have no other config.
On home routers, it is ON, but so is the firewall. There are no devices where you will have "allow remote requests" + no firewall ...
