spaske84
just joined
Topic Author
Posts: 9
Joined: Fri Jul 01, 2016 3:56 pm

High upload - security breach?

Mon Nov 28, 2016 6:54 pm

Hi,

I've noticed that on our network the upload on the public IP is constantly high, up to the max. By using Torch I've noticed that all IPs with a high Tx rate originate in China. By checking, I don't think that this traffic comes from our LAN network. There are a couple of VPN tunnels on the router also. Do you have any idea how to see where this traffic comes from (and block it), or how to even manually block Chinese IPs? Thanks.
 
juanvi
Member Candidate
Posts: 168
Joined: Mon May 05, 2014 6:55 pm
Location: SPAIN

Re: High upload - security breach?

Mon Nov 28, 2016 7:02 pm

disable ip/dns/allow remote requests
 
tr00g33k
Frequent Visitor
Posts: 89
Joined: Sun Mar 29, 2015 3:58 pm

Re: High upload - security breach?

Mon Nov 28, 2016 7:05 pm

On which port do they connect? If it is UDP 53, be sure to block remote DNS requests.

Under IP->DNS->Allow remote requests, untick the box

or with the firewall:
/ip firewall filter add chain=input in-interface=WAN protocol=udp dst-port=53 action=drop
Otherwise make a torch on the LAN interface and see the connections.
 
spaske84
just joined
Topic Author
Posts: 9
Joined: Fri Jul 01, 2016 3:56 pm

Re: High upload - security breach?

Tue Nov 29, 2016 10:12 am

Yup, disabling remote DNS requests solved the issue. Thanks a lot guys, you are the best!
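
To confirm the fix from outside the LAN, here is an added example (not posted by anyone in this thread): a Python check that sends one recursive DNS query to your own router's public IP on UDP 53 and reports whether it still answers. The function names, the example.com query name and the sample replies are constructed for this example.

```python
import socket
import struct
import sys

TXID = 0x1234  # arbitrary query id, constructed for this example

def build_query(name="example.com"):
    """DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", TXID, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def classify(reply):
    """'open' if the reply carries a recursive answer, otherwise 'closed'."""
    if reply is None or len(reply) < 12:
        return "closed"                      # dropped, port closed or junk
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != TXID or not flags & 0x8000:    # wrong id or QR bit not set
        return "closed"
    recursion_available = bool(flags & 0x0080)
    rcode = flags & 0x000F                   # 0 = NOERROR, 5 = REFUSED
    return "open" if recursion_available and rcode == 0 and ancount else "closed"

def probe(ip, timeout=3.0):
    """Send one query to ip:53/udp; return the raw reply or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (ip, 53))
            return s.recvfrom(4096)[0]
        except OSError:                      # timeout or other network error
            return None

def sample_reply(flags, ancount):
    """Constructed reply bytes for offline checks (not captured traffic)."""
    q = build_query()
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])
    return struct.pack("!HHHH", TXID, flags, 1, ancount) + q[8:] + answer * ancount

if __name__ == "__main__":
    reply = probe(sys.argv[1])               # your own router's public IP
    print(sys.argv[1], classify(reply), len(reply or b""), "reply bytes")
```

Run it from a host on the WAN side; a result of "closed" after unticking Allow remote requests or adding the drop rule means the router no longer resolves for outside clients.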