1

Since there are only a few different source addresses and they are all within valid subnets for the types of routers on our network (mostly Netgear & MikroTik), I assume this means that this traffic is coming from local networks and not the routers themselves (it seems that if it were from hacked routers, we would see a larger variety of source addresses).

If this is the case, then how are packets with 192.168 source addresses leaving routers with 10.10 public IP addresses? Is there a way to set up the firewalls of the individual MikroTik routers to prevent this from happening?

  • MikroTiks are extremely complex to configure and will work incorrectly if not configured properly. 192.168 traffic can be from a rogue router inside your network or something similar to that. – Overmind Nov 09 '16 at 08:44

1 Answer

0

It's very simple to block or allow the relevant traffic on a MikroTik RouterOS device.

I am pretty sure it's not hacked routers; maybe they are not configured properly. You can use an address list like LAN_Networks and allow only them. The example at their wiki site is pretty simple: https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Address_list

schroeder
elico
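A sketch of the address-list approach from the answer above, as an added example that is not part of the original post. The subnet `192.168.88.0/24` and the interface names `bridge` and `ether1` are assumptions to be replaced with each router's own values. It goes one step beyond the answer by also dropping invalid-state packets, since those skip source NAT and are a common way for private source addresses to appear on the WAN side.

```routeros
# Added example. Subnet and interface names are assumed, not taken from the post.
/ip firewall address-list
# Constructed value: the subnet this router hands out to its LAN clients.
add list=LAN_Networks address=192.168.88.0/24 comment="this router's LAN subnet"

/ip firewall filter
# Packets that connection tracking classifies as invalid are not processed by
# srcnat, so they would leave the WAN port still carrying a 192.168.x.x source.
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid packets before they leave un-NATed"
# Anything arriving from the LAN side with a source outside LAN_Networks
# (for example a second router plugged in behind this one) is dropped.
add chain=forward action=drop in-interface=bridge \
    src-address-list=!LAN_Networks \
    comment="forward only sources listed in LAN_Networks"

/ip firewall nat
# Valid LAN traffic is translated to the router's 10.10.x.x WAN address.
add chain=srcnat action=masquerade out-interface=ether1 \
    comment="masquerade LAN traffic leaving the WAN port"
```

Rules added this way are appended to the end of the chain, so the two drop rules need to be moved above any broader accept rule in `forward`. The packet counters shown by `/ip firewall filter print stats` indicate whether they are matching.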