Yep, but those subnets aren't present on the network. First step on installation of a new mikrotik is default, remove config. There are no routes in the tables to these subnets, and other than when I toss it on for testing, those subnets don't exist anywhere in the network.

On Tue, Jun 13, 2017 at 8:32 PM, [email protected] <[email protected]> wrote:

> Are you redistributing connected and/or static routes by chance?
>
> On Tue, Jun 13, 2017 at 4:40 PM, Steve Jones <[email protected]>
> wrote:
>
>> I don't know if this is normal to see or what. I can't figure it out.
>> We have sites that are all isolated by mikrotiks and use ospf between them.
>>
>> What I'm seeing is stuff like site A having a customer on 1.2.3.4 at both
>> sites A and B I'm seeing conversations between 1.2.3.4 from site A and
>> 192.168.2.1 at site B. Site B does not have the 192.168.2 subnet even
>> present. When I put an IP in that subnet on site B mikrotik I see a MAC
>> matching that IP, it is also present for an actual customer, we will say
>> 5.6.7.8
>>
>> I'm wondering if there isn't some form of tunnel between these two
>> customers isolated by multiple routers that is leaking internal traffic out
>> or something of that nature. I'm currently dropping that traffic now, I
>> should have been from the get go, but what I don't understand is how, with
>> no routes or subnets present, this communication is even happening.
>>
>> Scared me assumes the CIA hacked all my mikrotiks, then hijacked customer
>> routers and are somehow using my network to mine bitcoin to fund black site
>> operations. Reality tells me it's misconfiguration somewhere on my part.
>>
>> Any ideas?
