Well, disabling remote requests worked well enough at the moment. I'll have to work on the firewall setup though.
Thanks all, I'm still not working correctly from the 3 day weekend obviously.

On Tue, Sep 6, 2016 at 12:18 PM, Mike Hammett <[email protected]> wrote:

> If you leave it long enough, Comcast will shut off your account.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL>
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
> <https://www.linkedin.com/company/intelligent-computing-solutions>
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix>
> <https://www.linkedin.com/company/midwest-internet-exchange>
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp>
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> ------------------------------
> *From: *"Jason McKemie" <[email protected]>
> *To: *[email protected]
> *Sent: *Tuesday, September 6, 2016 12:17:23 PM
> *Subject: *Re: [AFMUG] Mikrotik Possibly Compromised
>
> Yeah, admittedly I haven't done much other than mess around with some
> blacklists on this one.
>
> On Tue, Sep 6, 2016 at 12:16 PM, Mike Hammett <[email protected]> wrote:
>
>> Instill some basic network security. I block input to potentially harmful
>> ports, but a better way is to only allow input on ports you want.
>>
>> -----
>> Mike Hammett
>> ------------------------------
>> *From: *"Jason McKemie" <[email protected]>
>> *To: *[email protected]
>> *Sent: *Tuesday, September 6, 2016 12:14:31 PM
>> *Subject: *Re: [AFMUG] Mikrotik Possibly Compromised
>>
>> Well, disabling remote requests dropped it off steeply. I'll have to
>> look into that. Is that enabled by default?
>>
>> On Tue, Sep 6, 2016 at 12:13 PM, Bruce Robertson <[email protected]> wrote:
>>
>>> Good point.
>>>
>>> On 09/06/2016 10:11 AM, Jason McKemie wrote:
>>>
>>> I'd think that I would see some internal network activity if this were
>>> the case though. Also, the source IPs appear to be from all over the world.
>>>
>>> On Tue, Sep 6, 2016 at 12:09 PM, Bruce Robertson <[email protected]> wrote:
>>>
>>>> In my experience, that's usually your mobile devices nattering with
>>>> the mother ship, like doing backups and uploading recent pictures. iPhones
>>>> are especially bad about this.
>>>>
>>>> On 09/06/2016 09:57 AM, Jason McKemie wrote:
>>>>
>>>>> So I've noticed some strange behavior on my home connection
>>>>> (Comcast). The Mikrotik that I am using shows a constant Tx on the WAN
>>>>> port of around 3-5Mbps and between 200-300pps, Rx is just a few kbps.
>>>>> This activity appears to be strictly on the WAN port. If I disable a
>>>>> firewall rule that accepts input, the activity ceases - but devices
>>>>> behind the router lose connectivity.
>>>>>
>>>>> Any ideas? I've got all IP services disabled except winbox, which is
>>>>> restricted to my local network.
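
The allow-list approach quoted above ("only allow input on ports you want"), written out as a RouterOS input chain. This is an added example, not configuration posted in the thread; the LAN interface name `bridge` and the commented-out "weak" rule are assumptions constructed for illustration.

```routeros
# Added example. "bridge" is an assumed name for the LAN-side interface.

# Weak pattern (constructed): a blanket accept on the input chain also lets
# Internet hosts reach services running on the router itself.
# /ip firewall filter add chain=input action=accept

# Allow-list form: accept only the input you want, then drop the rest.
/ip firewall filter
add chain=input connection-state=established,related action=accept comment="replies to traffic the router itself started"
add chain=input connection-state=invalid action=drop comment="malformed or out-of-state packets"
add chain=input in-interface=bridge action=accept comment="LAN clients reaching the router (DNS, winbox)"
add chain=input action=drop comment="everything else, including queries arriving on the WAN"

# "Remote requests" is the allow-remote-requests setting of the router's DNS
# server. LAN clients that use the router as their resolver need it enabled,
# so the input chain above is what keeps WAN-side queries out.
/ip dns set allow-remote-requests=yes

# Check: the packet counter on the final drop rule should climb while the
# unexplained Tx on the WAN port goes away.
/ip firewall filter print stats
```

Rule order matters here: RouterOS evaluates filter rules top to bottom, so the final drop must stay last in the input chain.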
