OT: Dodgy Russian port-scanning service / 158.255.5.147 causing high CPU
Hi,

Just thought I’d throw this at the list, more of an interest piece than anything.

A downstream network noticed today some extra latency on their network, caused by a significant increase in packets / CPU usage on a Mikrotik CCR in the path. At approximately 3:20 am this morning there was an uptick of about 25k PPS on their network, although not a significant increase in the amount of overall traffic (mbps) on the network.

After some investigation this afternoon it was found that the additional increase in traffic was coming from 158.255.5.147, which appears to be a Russian web-based port scanning service.

While the service itself claims not to be malicious, by design it was causing a detrimental effect on the customer network (increased CPU and increased latency). There is also the question of what the results of the port scan are used for, which I highly doubt is a legitimate purpose...

Anyway, enjoy your Sunday :)

Liam
Participants (1): Liam Farr