<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Sorry, we're 4 days late to the rescue... Dropping the incoming DNS
traffic will fix it but tomorrow it will be some other service so
ideally you should filter out access to all local services from your
WAN interfaces. Wrote
<a class="moz-txt-link-freetext" href="http://dewoleajao.com/blog2/remote-rogues-spoiling-your-web-experience">http://dewoleajao.com/blog2/remote-rogues-spoiling-your-web-experience</a>
last year after seeing same at many Mikrotik all-in-one router
sites.<br>
<br>
And you should join
<a class="moz-txt-link-freetext" href="http://abuja.forum.org.ng/mailman/listinfo/ngnog-discuss">http://abuja.forum.org.ng/mailman/listinfo/ngnog-discuss</a> too ;-)<br>
<br>
All the best!<br>
Dewole. <br>
<br>
<div class="moz-cite-prefix">On 2/21/2016 11:24 PM, Folarin
Oluwafemi wrote:<br>
</div>
<blockquote
cite="mid:CAN+Tn4_c4ChNQW86AuBPNCaPxbC7G-BSMKUAadEC0p+H3Vi1jA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="font-size:12.8px">Hello Group Members,</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">I recently did BGP peering with my
upstream provider and everything was fine until a few days </div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">time when i observe strange
traffic from the interface of my WAN.</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">What i saw using torch tool
(network real-time monitor) on Mikrotik was traffic hitting my
WAN</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">interface from IP prefix from
unknown locations hitting my router for DNS service that i
can't </div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">explain..</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">I disabled my LAN Public IP block
of <a moz-do-not-send="true" href="http://196.13.111.0/24"
target="_blank">196.13.111.0/24</a> and observed keenly the
scenario and still </div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">observed high traffic coming in.</div>
<div style="font-size:12.8px"> </div>
<div style="font-size:12.8px">Because of this act, i have not
been able to enjoy good internet service from my provider.</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">Any filtering mechanism that can
be used or how this attack can be mitigated.</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px">Attached is the snapshot of what
am refering to.</div>
<div style="font-size:12.8px"><br>
</div>
<div style="font-size:12.8px"><b>ETHER 5 is the interface facing
my ISP </b></div>
<div style="font-size:12.8px"><b><br>
</b></div>
<div style="font-size:12.8px"><b>ETHER 3 is my LAN interface <a
moz-do-not-send="true" href="http://196.13.111.0/24"
target="_blank">196.13.111.0/24</a> disabled<br
clear="all">
</b>
<div><br>
</div>
</div>
<div><span style="font-size:12.8px">I need assistance from the
group in helping out.</span><br>
</div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Regards.</span></div>
-- <br>
<div class="gmail_signature"><font style="color:rgb(0,0,0)"
size="2"><span style="font-family:Tahoma;font-weight:bold">I
am what God says I am<br>
</span></font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
afnog mailing list
<a class="moz-txt-link-freetext" href="https://www.afnog.org/mailman/listinfo/afnog">https://www.afnog.org/mailman/listinfo/afnog</a></pre>
</blockquote>
<br>
</body>
</html>