Where does TX traffic come from on the router if there is no RX?

D

Dmitry2017-01-22 20:08:40

Computer networks

Dmitry, 2017-01-22 20:08:40

Hello dear!
I just have no direct guesses, can you tell me how? A friend sent a "screenshot", asked for help to figure it out.

There is a feeling that someone is downloading something directly from Mikrotik itself. But how is this possible?
ether-1 is the uplink. Behind him is an ADSL modem and the Internet, with a speed of just 10 Mbps.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

R

Ruslan Fedoseev, 2017-01-22
@martin74ua

close the firewall incoming 53 udp \ tcp from the outside world, leave it only inside the bridge

A

Alexander Romanov, 2017-01-22
@moneron89

And there is also a wonderful Torch utility, with which you can see what kind of traffic is on the port. And yes, close DNSs

M

Melkij, 2017-01-22
@melkij

Why is there no RX? 200kbps.
Isn't this a member of a botnet? Is it DDos or a virus breaking?

E

Eugene Wolf, 2017-01-22
@Wolfnsex

Where does TX traffic come from on the router if there is no RX?

If I remember correctly, Tx is outgoing, Rx is incoming.
Where does outgoing traffic come from? It all depends on what kind of traffic is counted, it can be anything. ARP traffic, ICMP traffic and/or something else. Where does it get it from - at least the router itself can generate it.

E

eblan, 2017-01-22
@eblan

Most likely, your router is being DDoSed via DNS Amplification. I had the same problem, on the test server the 1Gb / s channel was clogged at 100% and it was not possible to work, it was decided by completely closing port 53.