Dropbear log msg, someone trying to get in my router

Discussion in 'ASUS Wireless' started by wizin, Sep 19, 2018.

  1. wizin

    wizin Occasional Visitor

    Joined:
    Aug 18, 2013
    Messages:
    25
    I recently configured Diversion
    I use VPN configured in my browser
    I use VPN proxy in my torrent app
    I use VPN on my 86U with only 1 device using it

    I see this today, what's happening?

    Sep 18 19:52:10 dropbear[9875]: Login attempt for nonexistent user from 185.246.128.25:29683
    Sep 18 19:52:34 dropbear[9883]: Login attempt for nonexistent user from 145.131.103.46:41167
    Sep 18 19:53:18 dropbear[9933]: Login attempt for nonexistent user from 185.246.128.25:48377
    Sep 18 19:53:44 dropbear[9912]: Login attempt for nonexistent user from 145.131.103.46:48450
    Sep 18 19:53:57 dropbear[9958]: Login attempt for nonexistent user from 185.246.128.25:59752
    Sep 18 19:54:21 dropbear[9970]: Login attempt for nonexistent user from 145.131.103.46:60564
    Sep 18 19:54:44 dropbear[9980]: Login attempt for nonexistent user from 185.246.128.25:36958
    Sep 18 19:55:06 dropbear[9994]: Login attempt for nonexistent user from 145.131.103.46:38417
    Sep 18 19:55:31 dropbear[10028]: Bad password attempt for 'admin' from 185.246.128.25:31438
    Sep 18 19:55:43 dropbear[10035]: Login attempt for nonexistent user from 145.131.103.46:45741
    Sep 18 19:56:14 dropbear[10057]: Login attempt for nonexistent user from 185.246.128.25:11342
    Sep 18 19:56:33 dropbear[10060]: Login attempt for nonexistent user from 145.131.103.46:52433
    Sep 18 19:56:56 dropbear[10087]: Login attempt for nonexistent user from 185.246.128.25:1890
    Sep 18 19:57:12 dropbear[10091]: Login attempt for nonexistent user from 145.131.103.46:60444
    Sep 18 19:58:03 dropbear[10135]: Login attempt for nonexistent user from 145.131.103.46:39233
    Sep 18 19:58:04 dropbear[10163]: Login attempt for nonexistent user from 185.246.128.25:37300
    Sep 18 19:58:57 dropbear[10169]: Login attempt for nonexistent user from 145.131.103.46:47725
    Sep 18 19:59:19 dropbear[10188]: Login attempt for nonexistent user from 185.246.128.25:18666
    Sep 18 20:00:07 dropbear[10229]: Login attempt for nonexistent user from 185.246.128.25:46059
    Sep 18 20:00:52 dropbear[10269]: Login attempt for nonexistent user from 185.246.128.25:4710
    Sep 18 20:01:27 dropbear[10291]: Login attempt for nonexistent user from 185.246.128.25:43015
    Sep 18 20:01:43 dropbear[10326]: Login attempt for nonexistent user from 185.246.128.25:12726
    Sep 18 20:03:06 dropbear[10375]: Login attempt for nonexistent user from 185.246.128.25:25997
    Sep 18 20:03:54 dropbear[10413]: Login attempt for nonexistent user from 185.246.128.25:14446
    Sep 18 20:05:13 dropbear[10437]: Bad password attempt for 'admin' from 185.246.128.25:31004
    Sep 18 20:05:41 dropbear[10499]: Login attempt for nonexistent user from 185.246.128.25:40709
    Sep 18 20:06:29 dropbear[10522]: Login attempt for nonexistent user from 185.246.128.25:4098
    Sep 18 21:31:45 roamast: eth6: add client [e4:a7:a0:af:b3:51] to monitor list
    Sep 18 21:33:03 dropbear[14391]: Bad password attempt for 'admin' from 72.221.232.153:51706
    Sep 18 21:33:09 dropbear[14395]: Bad password attempt for 'admin' from 171.255.226.28:34736
    Sep 18 21:33:14 dropbear[14399]: Bad password attempt for 'admin' from 154.0.65.230:50388
    Sep 18 22:39:27 dropbear[17328]: Login attempt for nonexistent user from 90.76.176.225:47566
    Sep 18 22:39:27 dropbear[17329]: Login attempt for nonexistent user from 90.76.176.225:47570
    Sep 18 22:50:53 dropbear[17815]: Bad password attempt for 'admin' from 103.114.105.76:60171
     
  3. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    6,493
    Location:
    UK
    You appear to have enabled SSH access to the router from the WAN. Turn it off.
     
    indark and agilani like this.
  4. goatdog

    goatdog Occasional Visitor

    Joined:
    Sep 23, 2016
    Messages:
    42
    Or at least change the default port to something else... Probably some scanning scripts exist out there that try all default user IDs / passwords...
     
  5. agilani

    agilani Senior Member

    Joined:
    Nov 30, 2012
    Messages:
    415
    Disable inbound port 22
    Turn on aiprotect
    Install Merlin and Skynet
     
  6. Sinner

    Sinner Senior Member

    Joined:
    Sep 30, 2017
    Messages:
    282
    Location:
    Canada
    Looks like it quickly determined the username and was like brute forcing for the password at the end of the log there.
     
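Added example, not part of any post in this thread: a short Python triage of dropbear auth lines like the ones posted above, counting failures per source address and flagging any source whose failed attempts are followed by a successful login. The sample log is constructed (documentation address ranges), and the `Password auth succeeded` message is dropbear's success line, which does not appear in the posted log.

```python
import re
from collections import defaultdict

# Message formats as in the log posted above, plus dropbear's
# "Password auth succeeded" line, which that log does not contain.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s+dropbear\[\d+\]:\s+"
    r"(?:Login attempt for nonexistent user"
    r"|Bad password attempt for '(?P<bad>[^']*)'"
    r"|Password auth succeeded for '(?P<ok>[^']*)')"
    r"\s+from\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+$"
)

# Constructed sample using documentation address ranges, not the poster's log.
SAMPLE_LOG = """\
Sep 18 19:52:10 dropbear[9001]: Login attempt for nonexistent user from 203.0.113.7:29683
Sep 18 19:53:18 dropbear[9003]: Bad password attempt for 'admin' from 203.0.113.7:48377
Sep 18 19:53:44 dropbear[9004]: Bad password attempt for 'admin' from 203.0.113.7:48450
Sep 18 21:31:45 roamast: eth6: add client [00:00:5e:00:53:01] to monitor list
Sep 18 21:33:03 dropbear[9005]: Bad password attempt for 'admin' from 198.51.100.9:51706
Sep 18 22:10:00 dropbear[9006]: Bad password attempt for 'admin' from 192.0.2.44:50388
Sep 18 22:10:05 dropbear[9007]: Password auth succeeded for 'admin' from 192.0.2.44:50390
"""

def summarize(log_text):
    """Group dropbear auth events by source IP; non-matching lines are skipped."""
    stats = defaultdict(lambda: {"unknown_user": 0, "bad_password": 0, "success": 0,
                                 "users": set(), "fail_then_ok": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        s = stats[m["ip"]]
        if m["ok"] is not None:
            # A success that follows failures from the same source needs a closer look.
            s["fail_then_ok"] |= (s["unknown_user"] + s["bad_password"]) > 0
            s["success"] += 1
            s["users"].add(m["ok"])
        elif m["bad"] is not None:
            s["bad_password"] += 1  # username exists, password was wrong
            s["users"].add(m["bad"])
        else:
            s["unknown_user"] += 1  # username does not exist on the router
    return dict(stats)

def triage(stats, threshold=3):
    """Label each source; a success after failures outranks any failure count."""
    return {ip: "investigate" if s["fail_then_ok"]
            else "brute-force" if s["unknown_user"] + s["bad_password"] >= threshold
            else "low-volume" for ip, s in stats.items()}
```
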