Could be DDOS attack on dns this happen to me on my mikrotik. Tim
-----Original Message----- From: "Jason McKemie" <j.mcke...@veloxinetbroadband.com> To: af@afmug.com Date: 09/06/16 02:03 PM Subject: Re: [AFMUG] Mikrotik Possibly Compromised I'd think that I would see some internal network activity if this were the case though. Also, the source IPs appear to be from all over the world. On Tue, Sep 6, 2016 at 12:09 PM, Bruce Robertson <br...@pooh.com> wrote: In my experience, that's usually your mobile devices nattering with the mother ship, like doing backups and uploading recent pictures. iPhones are especially bad about this. On 09/06/2016 09:57 AM, Jason McKemie wrote: So I've noticed some strange behavior on my home connection (Comcast). The Mikrotik that I am using shows a constant Tx on the WAN port of around 3-5Mbps and between 200-300pps, Rx is just a few kbps. This activity appears to be strictly on the WAN port. If I disable a firewall rule that accepts input, the activity ceases - but devices behind the router lose connectivity. Any ideas? I've got all IP services disabled except winbox, which is restricted to my local network. !DSPAM:2,57cef58248051021720198!