Timigate giveaway: Mikrotik RB951 series with one usb and five ethernet ports

Timigate giveaway is here, and this time, I will be giving out a Mikrotik RB951 small office router to one of my blog visitors. We all need these tools to practice. I will be doing this as a way of encouraging us to practice what is posted on this blog.

The Mikrotik RB951 series comes with five Ethernet ports, a 2.4 GHz wireless interface, a USB port and a level 4 license capable of supporting up to 100 hotspot users. It has a PoE-out function on ether5 designed to power connected PoE devices such as IP phones and wireless radios. It can be deployed for small offices with up to 50 concurrent users.

However, unlike other blogs, this giveaway comes with a test aimed at keeping us engaged. I will create a real-life scenario and whoever is first to provide the correct answer wins. So, here we go!


Timigate giveaway question

Consider the network diagram below and answer the question that follows.

[Figure: Network Topology]

The router has a public IP assigned to ether1 (the WAN interface) with DNS functions enabled. Users on the LAN complained of slow connectivity. A check on the router revealed high utilization even when all users had been disconnected. You observed that the WAN interface is carrying a lot of traffic with nothing coming from the LAN.

State what could be the cause of this reported congestion and what can be done to remedy the situation.
Hint: the router has been configured as a DNS server. No firewall filter rule has been configured on the router.

To win the prize, simply drop a comment stating what the problem is and how to solve it. Be sure to do so with your email address. Remember, the first correct answer wins!


17 thoughts on “Timigate giveaway: Mikrotik RB951 series with one usb and five ethernet ports”

  • September 12, 2018 at 8:48 am
    Permalink

    Hello Timi, I have been a fan of your blog…. I also shared my tech story recently about How a faulty POE adapter affected my wireless link, having been in the IT industry here is my Answer to your giveaway prize “This could be caused by the DNS requests from the internet. Allow remote request was enabled on the router, and since no firewall filter rule has been configured, users all over the world are using the router as DNS server. As a result, high upload traffic is noticed on the network. To solve the problem, configure a filter rule to drop DNS requests coming from the internet.”

    Reply
    • September 12, 2018 at 1:07 pm
      Permalink

      Congratulations, Kelly Collins!!!!. Kindly send your shipping address to [email protected]. Almost everyone got the answer correctly but like I said, only the first correct answer wins. More giveaways to come.

      Reply
  • September 12, 2018 at 9:09 am
    Permalink

    The box is operating as a recursive DNS resolver to the outside world. The following firewall rule would do the job.

    /ip firewall filter
    # ether1 is the WAN interface in the question above
    add action=drop chain=input dst-port=53 in-interface=ether1 protocol=udp
    add action=drop chain=input dst-port=53 in-interface=ether1 protocol=tcp

    Reply
    • September 12, 2018 at 1:09 pm
      Permalink

      Your answer is VERY correct, only that it is not the first correct answer. I hope you win next time. Thanks

      Reply
  • September 12, 2018 at 9:35 am
    Permalink

    The problem is your router's public IP is already acting as a DNS server for outside computers.

    The solution is to go to IP/DNS and uncheck allow remote request.

    Reply
    • September 12, 2018 at 1:15 pm
      Permalink

      Your answer is partially correct. Problem is, I do not want to disable allow remote request because I want the router to provide DNS services to connected LAN users.

      Reply
  • September 12, 2018 at 10:58 am
    Permalink

    The problem is DNS requests.
    Solution is to uncheck Allow remote request in IP->DNS Settings or to add firewall rule that will drop traffic to port 53.

    Reply
    • September 12, 2018 at 1:16 pm
      Permalink

      Disable allow remote request=No. Add firewall rule to drop dns requests from the internet=Yes.

      Reply
  • September 12, 2018 at 11:13 am
    Permalink

    I think the router got something like a DNS Amplification Attack... so many ‘DNS requests’ come into the local process of the router from the WAN/Internet, and make huge traffic received on the WAN interface.

    Solution:
    Uncheck the option “Allow Remote Request” in the DNS server configuration in Mikrotik. But if you need this feature, create a firewall filter rule to protect the router from DNS requests (UDP/TCP 53) which come from the internet.

    Reply
  • September 12, 2018 at 11:44 am
    Permalink

    DNS remote requests are allowed and no firewall rule protects it from the outside world on port 53
    solution:
    1- create firewall rule to block incoming WAN traffic to tcp and udp 53
    2- or disable allow remote request from MTK DNS settings

    Reply
  • September 12, 2018 at 11:49 am
    Permalink

    DNS requests from the internet, just put two rules dropping DNS requests on port 53, one for UDP and one for TCP. Either use the WAN as the in-interface or the local network as the source address. The DNS is getting attacked from the internet.

    Reply
  • September 12, 2018 at 11:51 am
    Permalink

    I already put a comment but don’t see it! The problem is DNS requests from the WAN side, two rules dropping the TCP and UDP 52 from the WAN is ok

    Reply
  • September 12, 2018 at 12:31 pm
    Permalink

    DNS reflection attack, add firewall rule to drop port 53 requests coming into WAN interface.

    Reply
    • September 12, 2018 at 1:18 pm
      Permalink

      Very correct, however, not the first correct.

      Reply
  • September 12, 2018 at 12:33 pm
    Permalink

    DNS reflection attack, add firewall rule to drop port 53 request incoming to WAN port.

    Reply
  • September 12, 2018 at 5:45 pm
    Permalink

    The utilization seen on the router could be as a result of the following: requests, broadcasts from the internet.

    Configure firewall rule denying requests from the internet on the WAN interface of the router and Broadcast from the internet

    Reply
    • September 12, 2018 at 7:47 pm
      Permalink

      Your answer is correct, however, it is not the first correct answer. Thanks all the same and better luck next time.

      Reply
