Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
[
[
[email protected]2016-12-07 13:41:14
System administration
[email protected], 2016-12-07 13:41:14

Is it DDos or a virus breaking?

Good afternoon!
At home, 2 Internet channels were wired, one under the server, the other for home use.
I installed MikroTik RB941-2nD-TC for the house instead of the old asus rt-n12, and began to notice that sometimes the speed sags, and the CPU load on MikroTik is always 100% (Photo below). All connections are breaking on 4444> 53 port.
Right now I compared the connections on another router (RB2011UAS-RM) where there are servers, there are no such connections, and the CPU usage is 40-50%, although there are more rules in the firewall.
Could it be DDos, what kind of virus to break, or does it just not pull out?
aa320d48aaa54c9ab530a636bf478f1f.pngd1ccc09593734465b8c87c0534f02e27.png
Ps Previously, there were servers on ip which is now used for the home.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
V
Valentin Net, 2016-12-07
@orlnet

This uses your router as a DNS server.
Known issue.
Add a firewall rule
/ip firewall filter add chain=input action=drop in-interface=WAN
WAN to the end of the list and change it to your incoming port.

Report
R
Ruslan Fedoseev, 2016-12-07
@martin74ua

firewall 53 udp\tcp from the outside world. This is a well-known Mikrotik joke - if you turn on the dns server, then it is available from everywhere;)

Report
M
Melkij, 2016-12-07
@melkij

This is you DDoS'ite. reply is much larger than the input, plus if it happens on port 53 - a classic of increasing the power of UDP flooding through carelessly configured DNS and firewall.
Reconfigure your firewall to an adequate mode, everything that is not explicitly allowed is prohibited.

Report
A
Anibius, 2016-12-16
@Anibius

Add rules to the input chain(ether1 is the provider interface)
chain=input action=drop protocol=tcp in-interface=ether1 dst-port=53 log=no log-prefix=""
chain=input action=drop protocol=udp in -interface=ether1 dst-port=53 log=no log-prefix=""
I would also advise you to look at what is configured in NAT.
Is there a forwarding rule on port 4444 for the service?
I advise you to read the wiki

Similar questions
A
Alghazanth2016-07-07 12:55:17
How to start Windows 2012 R2 in OpenStack under KVM? 2Reply
V
Vasya Pupkin2021-09-16 18:20:48
Explain the correctness of the three-level domain in the corporate network? 5Reply
V
Vasily2013-06-26 04:51:39
How to close an SSL session in nginx when authorized with a certificate? 1Reply
N
Nikita2016-02-03 22:48:29
How to run an app on OS X with admin rights? 1Reply
D
Denis _______________2021-09-18 10:48:56
What is the most convenient way to monitor CPU and VC temperatures under Linux and control turntables on a laptop? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question