Upload Fora de Controle e CPU Muito alta..

[bnet]

Caros Amigos..

Estou com o seguinte problema..

Ha 04 dias estou com o MK apresentando alto consumo de CPU.

Imagem 01.

No primeiro instante apresentava link com upload e download full..

De cara verifiquei os blouqeios de acesso externo ao proxy, tinha sumido do meu firewall filter rules, adicionei e o consumo do link de aparentemente tinha voltado ao normal.

Achei que era só isso e tava resolvido, mas continuei acompanhando, e o cosumo de CPU permanecia elevado, muito além do normal, como podem ver na imagem 01, com pequenas quedas no processamento.

Bom a Imagem 02 mostra que permanece apenas o upload do MK para fora elevado, conferi o grafico de todos os clientes, controle de banda dos mesmos, nem um deles apresenta taxa de upload alta ou indicio de "descontrole" de banda.

Como podem ver na Imagem 3 que representa o trafego na bridge das 4 setoriais, la tambem não aparece taxa de upload que justifica-se o alto upload na interface do link..

Atentem que as cores no grafico da figura 3 são inversas:

Verde = Upload / Azul = Download..

Bom suspeitando do Web-Proxy, desabilitei o mesmo...não resolveu..

Alguem tem alguma Luz..

Parece que tem algo rodando dentro do MK gerando trafego para o link..

se alguem precisar de mais alguma informação soh falar, passarei minhas regra de firewall a seguir..

Abraços...

[bnet]

/ ip firewall filter
add chain=input action=drop in-interface="Link BrTelecom" dst-port=8080 protocol=tcp comment="Prote ao Externa \
Proxy,,," disabled=no
add chain=input action=drop in-interface="Link BrTelecom" dst-port=8081 protocol=tcp comment="Prote ao Externa \
Proxy,,," disabled=no

add chain=forward action=accept connection-state=established comment="" disabled=no
add chain=forward action=accept connection-state=related comment="" disabled=no
add chain=forward action=drop connection-state=invalid comment="" disabled=no
add chain=forward action=drop tcp-flags=syn protocol=tcp connection-limit=15,32 src-address-list=limit-conexao \
comment="controle de conexo por cliente 15/32" disabled=no
add chain=forward action=drop p2p=all-p2p protocol=tcp connection-limit=10,32 comment="" disabled=no
add chain=forward action=accept protocol=icmp comment="" disabled=no
add chain=forward action=accept protocol=udp comment="" disabled=no
add chain=input action=accept connection-state=established comment="" disabled=no
add chain=input action=accept connection-state=related comment="" disabled=no
add chain=input action=accept protocol=udp comment="" disabled=no
add chain=input action=accept protocol=icmp comment="" disabled=no
add chain=output action=accept connection-state=related comment="" disabled=no
add chain=forward action=drop dst-port=135 protocol=udp comment="Drop Netbius e Similar" disabled=no
add chain=forward action=drop dst-port=135 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=137 protocol=udp comment="" disabled=no
add chain=forward action=drop dst-port=137 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=138 protocol=udp comment="" disabled=no
add chain=forward action=drop dst-port=138 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=139 protocol=udp comment="" disabled=no
add chain=forward action=drop dst-port=139 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=445 protocol=tcp comment="" disabled=no
add chain=forward action=drop dst-port=445 protocol=udp comment="" disabled=no
add chain=output action=log tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg ,!ece,!cwr protocol=tcp log-prefix="" comment="" \
disabled=no
add chain=input action=drop connection-state=invalid comment="" disabled=no
add chain=input action=drop dst-port=22 protocol=tcp comment="" disabled=no
add chain=input action=drop dst-port=23 protocol=tcp comment="" disabled=no
add chain=services action=accept src-address=127.0.0.1 dst-address=127.0.0.1 comment="accept localhost" disabled=no
add chain=services action=accept dst-port=20-21 protocol=tcp comment="allow ftp" disabled=no
add chain=services action=accept dst-port=80 protocol=tcp comment="allow http, webbox" disabled=no
add chain=services action=accept dst-port=8291 protocol=tcp comment="Allow winbox" disabled=no
add chain=services action=accept dst-port=20561 protocol=udp comment="allow MACwinbox " disabled=no
add chain=services action=accept dst-port=2000 protocol=tcp comment="Bandwidth server" disabled=no
add chain=services action=accept dst-port=1701 protocol=udp comment="allow L2TP" disabled=no
add chain=services action=accept dst-port=1723 protocol=tcp comment="allow PPTP" disabled=no
add chain=services action=accept dst-port=1900 protocol=udp comment="UPnP" disabled=no
add chain=services action=accept dst-port=2828 protocol=tcp comment="UPnP" disabled=no
add chain=services action=accept dst-port=67-68 protocol=udp comment="allow DHCP" disabled=no
add chain=services action=accept dst-port=8080 protocol=tcp comment="allow Web Proxy" disabled=no
add chain=services action=accept dst-port=123 protocol=tcp comment="allow NTP" disabled=no
add chain=services action=accept dst-port=161 protocol=tcp comment="allow SNMP" disabled=no
add chain=forward action=accept dst-port=443 protocol=tcp comment="allow https for Hotspot" disabled=no
add chain=services action=accept dst-port=1080 protocol=tcp comment="allow Socks for Hotspot" disabled=no
add chain=services action=accept dst-port=500 protocol=udp comment="allow IPSec connections" disabled=no
add chain=services action=accept dst-port=179 protocol=tcp comment="Allow BGP" disabled=no
add chain=services action=accept dst-port=520-521 protocol=udp comment="allow RIP" disabled=no
add chain=services action=accept dst-port=5000-5100 protocol=udp comment="allow BGP" disabled=no
add chain=services action=accept dst-port=1720 protocol=tcp comment="allow Telephony" disabled=no
add chain=services action=accept dst-port=1719 protocol=udp comment="allow Telephony" disabled=no
add chain=virus action=drop dst-port=135-139 protocol=tcp comment="Drop Blaster Worm" disabled=no
add chain=virus action=drop dst-port=135-139 protocol=udp comment="Drop Messenger Worm" disabled=no
add chain=virus action=drop dst-port=445 protocol=tcp comment="Drop Blaster Worm" disabled=no
add chain=virus action=drop dst-port=445 protocol=udp comment="Drop Blaster Worm" disabled=no
add chain=virus action=drop dst-port=593 protocol=tcp comment="________" disabled=no
add chain=virus action=drop dst-port=1024-1030 protocol=tcp comment="________" disabled=no
add chain=virus action=drop dst-port=1080 protocol=tcp comment="Drop MyDoom" disabled=no
add chain=virus action=drop dst-port=1214 protocol=tcp comment="________" disabled=no
add chain=virus action=drop dst-port=1363 protocol=tcp comment="ndm requester" disabled=no
add chain=virus action=drop dst-port=1364 protocol=tcp comment="ndm server" disabled=no
add chain=virus action=drop dst-port=1368 protocol=tcp comment="screen cast" disabled=no
add chain=virus action=drop dst-port=1373 protocol=tcp comment="hromgrafx" disabled=no
add chain=virus action=drop dst-port=1377 protocol=tcp comment="cichlid" disabled=no
add chain=virus action=drop dst-port=1433-1434 protocol=tcp comment="Worm" disabled=no
add chain=virus action=drop dst-port=2745 protocol=tcp comment="Bagle Virus" disabled=no
add chain=virus action=drop dst-port=2283 protocol=tcp comment="Drop Dumaru.Y" disabled=no
add chain=virus action=drop dst-port=2535 protocol=tcp comment="Drop Beagle" disabled=no
add chain=virus action=drop dst-port=2745 protocol=tcp comment="Drop Beagle.C-K" disabled=no
add chain=virus action=drop dst-port=3127-3128 protocol=tcp comment="Drop MyDoom" disabled=no
add chain=virus action=drop dst-port=3410 protocol=tcp comment="Drop Backdoor OptixPro" disabled=no
add chain=virus action=drop dst-port=4444 protocol=tcp comment="Worm" disabled=no
add chain=virus action=drop dst-port=4444 protocol=udp comment="Worm" disabled=no
add chain=virus action=drop dst-port=5554 protocol=tcp comment="Drop Sasser" disabled=no
add chain=virus action=drop dst-port=8866 protocol=tcp comment="Drop Beagle.B" disabled=no
add chain=virus action=drop dst-port=9898 protocol=tcp comment="Drop Dabber.A-B" disabled=no
add chain=virus action=drop dst-port=10080 protocol=tcp comment="Drop MyDoom.B" disabled=no
add chain=virus action=drop dst-port=12345 protocol=tcp comment="Drop NetBus" disabled=no

[bnet]

O trafego da alto em UDP em TCP ta normal...

achei isto de diferente no MK...

Please Help......