Menu
What's new
By:
Filters Better Search

Need help with system log interpretation

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

E

erkme73

Occasional Visitor
My merlin-powered RT-AC68U was recently becoming extremely lethargic. After reviewing the logs, I found nearly constant brute force attempts at my OpenVPN server. Once I moved away from the standard port, that stopped. However, ever since the logs are flooded with these DROP entries.

I've set up a firewall rule using the GUI network services filter to block all WAN traffic on my 192.168.2.x subnet. This is where I keep all of my IP cameras for my Blue Iris network recorder.

1678680175326.png


That seem to be where these DROPs are originating, and it's probably entirely what it's supposed to be doing.

However, my concern is with the destination IP address - which nearly every one of them goes back to Amazon data centers... most of them to their norther VA location.

My cameras are Dahua, Hikvision, and Amcrest. They're all at least a year old, and none of them have any kind of AWS options. I've neutered them as much as possible.

So my question is, what could be causing these devices to be attempting to contact Amazon?



Code: 
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.225 DST=34.238.41.119 LEN=396 TOS=0x00 PREC=0x00 TTL=63 ID=55033 DF PROTO=UDP SPT=35821 DPT=8800 LEN=376
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.118 DST=34.238.41.119 LEN=357 TOS=0x00 PREC=0x00 TTL=63 ID=49533 DF PROTO=UDP SPT=52520 DPT=8800 LEN=337
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.11 DST=172.217.10.106 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=6467 DF PROTO=TCP SPT=43432 DPT=443 SEQ=1119441032 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A088F4CB80000000001030308)
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.111 DST=34.238.41.119 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=36642 DF PROTO=UDP SPT=18008 DPT=8800 LEN=39
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.243 DST=52.8.60.34 LEN=301 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=35305 DPT=8800 LEN=281
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.6 DST=142.251.15.95 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=674 DF PROTO=TCP SPT=41612 DPT=443 SEQ=901209759 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080AA7DEA02D0000000001030306)
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.9 DST=18.235.205.206 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=59687 DF PROTO=TCP SPT=40562 DPT=80 SEQ=3803743613 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A8D1E6D550000000001030308)
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.248 DST=54.245.47.200 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=55196 DF PROTO=TCP SPT=55406 DPT=15301 SEQ=2516656723 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A122AFBC00000000001030304)
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.243 DST=52.8.60.34 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=22637 DPT=8800 LEN=39
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.117 DST=34.238.41.119 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=62398 DF PROTO=UDP SPT=45007 DPT=8800 LEN=39
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.116 DST=34.227.6.54 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=32384 DF PROTO=TCP SPT=42430 DPT=12367 SEQ=3896612092 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A04B1EAE80000000001030304)
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.113 DST=34.238.41.119 LEN=356 TOS=0x00 PREC=0x00 TTL=63 ID=29459 DF PROTO=UDP SPT=47688 DPT=8800 LEN=336
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.224 DST=34.238.41.119 LEN=357 TOS=0x00 PREC=0x00 TTL=63 ID=51048 DF PROTO=UDP SPT=58468 DPT=8800 LEN=337
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.212 DST=34.238.41.119 LEN=355 TOS=0x00 PREC=0x00 TTL=63 ID=4435 DF PROTO=UDP SPT=38022 DPT=8800 LEN=335
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.111 DST=52.21.167.116 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=12128 DF PROTO=TCP SPT=39916 DPT=443 SEQ=4242523964 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A04B1E85C0000000001030304)
Mar 12 22:45:07 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.249 DST=44.240.7.155 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=15509 DF PROTO=TCP SPT=52119 DPT=10000 SEQ=4133803325 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A122AE9A80000000001030305)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.100 DST=3.224.175.53 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=19996 DF PROTO=TCP SPT=40756 DPT=443 SEQ=1349280894 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A29662A620000000001030304)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.225 DST=34.238.41.119 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=55044 DF PROTO=UDP SPT=64226 DPT=8800 LEN=58
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.244 DST=34.238.41.119 LEN=400 TOS=0x00 PREC=0x00 TTL=63 ID=61324 DF PROTO=UDP SPT=36817 DPT=8800 LEN=380
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.210 DST=34.238.41.119 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=27439 DF PROTO=UDP SPT=40790 DPT=8800 LEN=58
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.203 DST=34.238.41.119 LEN=356 TOS=0x00 PREC=0x00 TTL=63 ID=42551 DF PROTO=UDP SPT=54521 DPT=8800 LEN=336
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.118 DST=34.238.41.119 LEN=357 TOS=0x00 PREC=0x00 TTL=63 ID=49550 DF PROTO=UDP SPT=52520 DPT=8800 LEN=337
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.223 DST=34.196.154.2 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=25806 DF PROTO=TCP SPT=54237 DPT=8555 SEQ=1213798444 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A37DB7E0E0000000001030301)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.244 DST=34.238.41.119 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=61329 DF PROTO=UDP SPT=57228 DPT=8800 LEN=58
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.243 DST=52.8.60.34 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=22637 DPT=8800 LEN=39
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.249 DST=54.241.203.224 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=42280 DPT=8800 LEN=39
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.125 DST=34.238.41.119 LEN=399 TOS=0x00 PREC=0x00 TTL=63 ID=15994 DF PROTO=UDP SPT=58048 DPT=8800 LEN=379
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.203 DST=34.238.41.119 LEN=356 TOS=0x00 PREC=0x00 TTL=63 ID=42560 DF PROTO=UDP SPT=54521 DPT=8800 LEN=336
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.118 DST=3.224.175.53 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4979 DF PROTO=TCP SPT=47400 DPT=443 SEQ=1988296488 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A04B1EC5B0000000001030304)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.243 DST=52.8.60.34 LEN=301 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=35305 DPT=8800 LEN=281
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.9 DST=54.86.107.74 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=15881 DF PROTO=TCP SPT=36806 DPT=80 SEQ=700273627 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B40402080A8D1E6DD20000000001030308)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.115 DST=34.238.41.119 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=56384 DF PROTO=UDP SPT=35545 DPT=8800 LEN=39
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.224 DST=34.238.41.119 LEN=357 TOS=0x00 PREC=0x00 TTL=63 ID=51060 DF PROTO=UDP SPT=58468 DPT=8800 LEN=337
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.113 DST=34.238.41.119 LEN=356 TOS=0x00 PREC=0x00 TTL=63 ID=29461 DF PROTO=UDP SPT=47688 DPT=8800 LEN=336
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.203 DST=34.227.6.54 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=20846 DF PROTO=TCP SPT=54532 DPT=12367 SEQ=1896895563 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A37DB07F00000000001030304)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.224 DST=52.21.167.116 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=11686 DF PROTO=TCP SPT=47344 DPT=443 SEQ=3932228039 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A125324610000000001030304)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.100 DST=34.238.41.119 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=23842 DF PROTO=UDP SPT=48547 DPT=8800 LEN=39
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.249 DST=52.42.123.238 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=345 DF PROTO=TCP SPT=55575 DPT=12367 SEQ=3278432391 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A122AE9DE0000000001030305)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.125 DST=34.238.41.119 LEN=78 TOS=0x00 PREC=0x00 TTL=63 ID=16016 DF PROTO=UDP SPT=23314 DPT=8800 LEN=58
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.248 DST=13.52.30.245 LEN=398 TOS=0x00 PREC=0x00 TTL=63 ID=5848 DF PROTO=UDP SPT=50802 DPT=8800 LEN=378
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.203 DST=34.238.41.119 LEN=356 TOS=0x00 PREC=0x00 TTL=63 ID=42582 DF PROTO=UDP SPT=54521 DPT=8800 LEN=336
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.248 DST=34.217.231.174 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=28857 DF PROTO=TCP SPT=37476 DPT=10000 SEQ=1512606900 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405B40402080A122AFC0D0000000001030304)
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.118 DST=34.238.41.119 LEN=357 TOS=0x00 PREC=0x00 TTL=63 ID=49589 DF PROTO=UDP SPT=52520 DPT=8800 LEN=337
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.224 DST=34.238.41.119 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=51085 DF PROTO=UDP SPT=44744 DPT=8800 LEN=39
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.225 DST=34.238.41.119 LEN=396 TOS=0x00 PREC=0x00 TTL=63 ID=55067 DF PROTO=UDP SPT=35821 DPT=8800 LEN=376
Mar 12 22:45:08 kernel: DROP IN=br0 OUT=eth0 SRC=192.168.2.125 DST=34.238.41.119 LEN=399 TOS=0x00 PREC=0x00 TTL=63 ID=16033 DF PROTO=UDP SPT=58048 DPT=8800 LEN=379
 
You must log in or register to reply here.

Similar threads

D
[ASUS AX86U Merlin] Blink Sync Module does not connect (connects to iphone hotspot)
Replies
0
Views
298
dasusm
D
P
Skynet show inbound block on Digital TV Vlan300
Replies
4
Views
436
poudenes
P
J
AX86U constantly blocking repeated inbound connections
Replies
7
Views
1K
Tech9
Tech9
R
Skynet SkyNet, What's going on? should I be concerned?
Replies
18
Views
2K
Viktor Jaep
Viktor Jaep
C
system log shows KERNEL Accept with UDP 67/68?
Replies
3
Views
409
chillm8t
C
Similar threads
Thread starter Title Forum Replies Date
H Need help interpreting system log (NFP failed, maximum number of concurrent DNS queries) Asuswrt-Merlin 1
C Solved Need help with nat-start scripts Asuswrt-Merlin 3
G Need help with VPN Asuswrt-Merlin 2
C Need some help with a DHCP problem Asuswrt-Merlin 9
C Need help with GT-AXE11000 and DNS Director Asuswrt-Merlin 0
Spydawg need help with network loop. Asuswrt-Merlin 9
K Solved Need help to compile Realtek r8152 driver for RT-AX88U Asuswrt-Merlin 4
C Need urgent help with home internet w/ RT-AC68U! Willing to do anything to get this fixed! Asuswrt-Merlin 5
A Solved Need help setting up DDNS for cloudflare Asuswrt-Merlin 4
K Need help with a bad DHCP issue!!!! Asuswrt-Merlin 6

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 971 (members: 25, guests: 946)
Top