
High upload - security breach?

Posted: Mon Nov 28, 2016 6:54 pm
by spaske84
Hi,

I've noticed that on our network, upload on the public IP is constantly high and up to the max. By using Torch I've noticed that all IPs with a high Tx rate originate in China. By checking, I don't think that this traffic comes from our LAN network. There are a couple of VPN tunnels on the router also. Do you have any idea how to see where this traffic comes from (and block it), or how to even manually block Chinese IPs? Thanks.

Re: High upload - security breach?

Posted: Mon Nov 28, 2016 7:02 pm
by juanvi
disable ip/dns/allow remote requests

Re: High upload - security breach?

Posted: Mon Nov 28, 2016 7:05 pm
by tr00g33k
On which port do they connect? If it is UDP 53, be sure to block remote DNS requests.

under IP->DNS->Allow remote request untick the box

or with firewall
/ip firewall filter add chain=input in-interface=WAN protocol=udp dst-port=53 action=drop
Otherwise make a torch on LAN interface and see the connections

Re: High upload - security breach?

Posted: Tue Nov 29, 2016 10:12 am
by spaske84
Yup, disabling remote DNS requests solved the issue. Thanks a lot guys, you are the best!