<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Sorry, we're 4 days late to the rescue... Dropping the incoming DNS
    traffic will fix it but tomorrow it will be some other service so
    ideally you should filter out access to all local services from your
    WAN interfaces. Wrote
    <a class="moz-txt-link-freetext" href="http://dewoleajao.com/blog2/remote-rogues-spoiling-your-web-experience">http://dewoleajao.com/blog2/remote-rogues-spoiling-your-web-experience</a>
    last year after seeing same at many Mikrotik all-in-one router
    sites.<br>
    <br>
    And you should join
    <a class="moz-txt-link-freetext" href="http://abuja.forum.org.ng/mailman/listinfo/ngnog-discuss">http://abuja.forum.org.ng/mailman/listinfo/ngnog-discuss</a> too ;-)<br>
    <br>
    All the best!<br>
    Dewole. <br>
    <br>
    <div class="moz-cite-prefix">On 2/21/2016 11:24 PM, Folarin
      Oluwafemi wrote:<br>
    </div>
    <blockquote
cite="mid:CAN+Tn4_c4ChNQW86AuBPNCaPxbC7G-BSMKUAadEC0p+H3Vi1jA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div style="font-size:12.8px">Hello Group Members,</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">I recently did BGP peering with my
           upstream provider and everything was fine until a few days </div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">time when i observe strange
          traffic from the interface of my WAN.</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">What i saw using torch tool
          (network real-time monitor) on Mikrotik was traffic hitting my
          WAN</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">interface from IP prefix from
          unknown locations  hitting my router for  DNS service that i
          can't </div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">explain..</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">I disabled my LAN Public  IP block
          of <a moz-do-not-send="true" href="http://196.13.111.0/24"
            target="_blank">196.13.111.0/24</a> and observed keenly the
          scenario and still </div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">observed high traffic coming in.</div>
        <div style="font-size:12.8px"> </div>
        <div style="font-size:12.8px">Because of this act, i have not
          been able to enjoy good internet service from my provider.</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">Any filtering mechanism that can
          be used or how this attack can be mitigated.</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">Attached is the snapshot of what
          am refering to.</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px"><b>ETHER 5 is the interface facing
            my ISP </b></div>
        <div style="font-size:12.8px"><b><br>
          </b></div>
        <div style="font-size:12.8px"><b>ETHER 3 is my LAN interface <a
              moz-do-not-send="true" href="http://196.13.111.0/24"
              target="_blank">196.13.111.0/24</a> disabled<br
              clear="all">
          </b>
          <div><br>
          </div>
        </div>
        <div><span style="font-size:12.8px">I need assistance from the
            group in helping out.</span><br>
        </div>
        <div><span style="font-size:12.8px"><br>
          </span></div>
        <div><span style="font-size:12.8px">Regards.</span></div>
        -- <br>
        <div class="gmail_signature"><font style="color:rgb(0,0,0)"
            size="2"><span style="font-family:Tahoma;font-weight:bold">I
              am what God says I am<br>
            </span></font></div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
afnog mailing list
<a class="moz-txt-link-freetext" href="https://www.afnog.org/mailman/listinfo/afnog">https://www.afnog.org/mailman/listinfo/afnog</a></pre>
    </blockquote>
    <br>
  </body>
</html>