[afnog] BGP issues and strange traffic

Dewole Ajao dewole at tinitop.com
Thu Feb 25 09:44:22 UTC 2016


Sorry, we're 4 days late to the rescue... Dropping the incoming DNS 
traffic will fix it but tomorrow it will be some other service so 
ideally you should filter out access to all local services from your WAN 
interfaces. Wrote 
http://dewoleajao.com/blog2/remote-rogues-spoiling-your-web-experience 
last year after seeing same at many Mikrotik all-in-one router sites.

And you should join 
http://abuja.forum.org.ng/mailman/listinfo/ngnog-discuss too ;-)

All the best!
Dewole.

On 2/21/2016 11:24 PM, Folarin Oluwafemi wrote:
> Hello Group Members,
>
> I recently did BGP peering with my  upstream provider and everything 
> was fine until a few days
>
> time when i observe strange traffic from the interface of my WAN.
>
> What i saw using torch tool (network real-time monitor) on Mikrotik 
> was traffic hitting my WAN
>
> interface from IP prefix from unknown locations  hitting my router for 
>  DNS service that i can't
>
> explain..
>
> I disabled my LAN Public  IP block of 196.13.111.0/24 
> <http://196.13.111.0/24> and observed keenly the scenario and still
>
> observed high traffic coming in.
> Because of this act, i have not been able to enjoy good internet 
> service from my provider.
>
>
> Any filtering mechanism that can be used or how this attack can be 
> mitigated.
>
> Attached is the snapshot of what am refering to.
>
> *ETHER 5 is the interface facing my ISP *
> *
> *
> *ETHER 3 is my LAN interface 196.13.111.0/24 
> <http://196.13.111.0/24> disabled
> *
>
> I need assistance from the group in helping out.
>
> Regards.
> -- 
> I am what God says I am
>
>
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20160225/4373e4d5/attachment.html>


More information about the afnog mailing list