[afnog] BGP issues and strange traffic
Dewole Ajao
dewole at tinitop.com
Thu Feb 25 09:44:22 UTC 2016
Sorry, we're 4 days late to the rescue... Dropping the incoming DNS
traffic will fix it but tomorrow it will be some other service so
ideally you should filter out access to all local services from your WAN
interfaces. Wrote
http://dewoleajao.com/blog2/remote-rogues-spoiling-your-web-experience
last year after seeing same at many Mikrotik all-in-one router sites.
And you should join
http://abuja.forum.org.ng/mailman/listinfo/ngnog-discuss too ;-)
All the best!
Dewole.
On 2/21/2016 11:24 PM, Folarin Oluwafemi wrote:
> Hello Group Members,
>
> I recently did BGP peering with my upstream provider and everything
> was fine until a few days
>
> time when i observe strange traffic from the interface of my WAN.
>
> What i saw using torch tool (network real-time monitor) on Mikrotik
> was traffic hitting my WAN
>
> interface from IP prefix from unknown locations hitting my router for
> DNS service that i can't
>
> explain..
>
> I disabled my LAN Public IP block of 196.13.111.0/24
> <http://196.13.111.0/24> and observed keenly the scenario and still
>
> observed high traffic coming in.
> Because of this act, i have not been able to enjoy good internet
> service from my provider.
>
>
> Any filtering mechanism that can be used or how this attack can be
> mitigated.
>
> Attached is the snapshot of what am refering to.
>
> *ETHER 5 is the interface facing my ISP *
> *
> *
> *ETHER 3 is my LAN interface 196.13.111.0/24
> <http://196.13.111.0/24> disabled
> *
>
> I need assistance from the group in helping out.
>
> Regards.
> --
> I am what God says I am
>
>
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20160225/4373e4d5/attachment.html>
More information about the afnog
mailing list