
RT-AC3100 Log file is getting bombarded with Dropbear messages

jgebel

Occasional Visitor
Hi, I have an RT-AC3100 running firmware version 3.0.0.4.380_858 with no issues up to this point. I notice the log file is now flooded with the messages below:
Feb 27 04:48:09 dropbear[10311]: login attempt for nonexistent user from ::ffff:104.233.120.229:39293
Feb 27 04:48:11 dropbear[10312]: login attempt for nonexistent user from ::ffff:104.233.120.229:39373
Feb 27 04:48:12 dropbear[10313]: login attempt for nonexistent user from ::ffff:104.233.120.229:39430
Feb 27 04:48:13 dropbear[10314]: login attempt for nonexistent user from ::ffff:104.233.120.229:39494
Feb 27 04:48:14 dropbear[10353]: login attempt for nonexistent user from ::ffff:104.233.120.229:39559
Feb 27 04:48:15 dropbear[10395]: login attempt for nonexistent user from ::ffff:104.233.120.229:39605
Feb 27 04:48:16 dropbear[10472]: login attempt for nonexistent user from ::ffff:104.233.120.229:39670
Feb 27 04:48:17 dropbear[10473]: login attempt for nonexistent user from ::ffff:104.233.120.229:39709
Feb 27 04:48:18 dropbear[10480]: login attempt for nonexistent user from ::ffff:104.233.120.229:39762
Feb 27 04:48:19 dropbear[10481]: login attempt for nonexistent user from ::ffff:104.233.120.229:39803
Feb 27 04:48:20 dropbear[10482]: login attempt for nonexistent user from ::ffff:104.233.120.229:39850
Feb 27 04:48:21 dropbear[10483]: login attempt for nonexistent user from ::ffff:104.233.120.229:39897
Feb 27 04:48:22 dropbear[10484]: login attempt for nonexistent user from ::ffff:104.233.120.229:39943

I did a search on the forum for dropbear but could only find old threads and nothing recent for this model router. I do have SSH enabled but have a strong password. Is this something I should be concerned with?
 
This is because you opened SSH access to WAN (those connections are from a public IP). I recommend not opening SSH to WAN unless you have a very good reason to do so. Otherwise, as long as you have a secure password you should be fine, but you will regularly get spiders and malware scanning for vulnerable SSH servers, so be prepared to see them on a regular basis in your log.
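Added example, not part of either post: a short Python check that tallies the dropbear failures quoted above per source and separates LAN sources from everything else, which is how the log shows that SSH is reachable from the WAN. The sample lines are constructed, and treating RFC 1918 space as "the LAN" is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread. The addresses
# are documentation/private ranges chosen for this example, not real sources.
SAMPLE_LOG = """\
Feb 27 04:48:09 dropbear[10311]: login attempt for nonexistent user from ::ffff:203.0.113.7:39293
Feb 27 04:48:11 dropbear[10312]: login attempt for nonexistent user from ::ffff:203.0.113.7:39373
Feb 27 04:48:12 dropbear[10313]: login attempt for nonexistent user from ::ffff:203.0.113.7:39430
Feb 27 04:50:02 dropbear[10400]: login attempt for nonexistent user from ::ffff:198.51.100.23:40112
Feb 27 05:01:40 dropbear[10522]: login attempt for nonexistent user from ::ffff:192.168.1.50:51000
Feb 27 05:02:00 kernel: unrelated message
"""

# Assumption: the LAN uses RFC 1918 space; any other source came in over the WAN.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Matches the message shown in the thread; the last ":<digits>" is the source port.
LINE_RE = re.compile(
    r"dropbear\[\d+\]: login attempt for nonexistent user from (\S+):(\d+)$",
    re.IGNORECASE)

def source_ip(field):
    """Parse the logged address, unwrapping IPv4-mapped ::ffff:a.b.c.d to IPv4."""
    addr = ipaddress.ip_address(field)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def summarize(log_text):
    """Return (attempts per non-LAN source, attempts per LAN source)."""
    wan, lan = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line.strip())
        if not m:
            continue
        ip = source_ip(m.group(1))
        inside = ip.version == 4 and any(ip in net for net in LAN_NETS)
        (lan if inside else wan)[str(ip)] += 1
    return dict(wan), dict(lan)

if __name__ == "__main__":
    wan, lan = summarize(SAMPLE_LOG)
    for ip, n in sorted(wan.items(), key=lambda kv: -kv[1]):
        print(f"WAN source {ip}: {n} failed logins (SSH is reachable from outside)")
    for ip, n in lan.items():
        print(f"LAN source {ip}: {n} failed logins")
```

Any entry in the first result means the SSH port is answering connections from outside the LAN; once SSH is limited to LAN only, that set should stay empty.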
 
