staticfree
Regular Contributor
I had updated my new AC68P to the latest Firmware Version:3.0.0.4.378_3873 yesterday from the original out of the box firmware version 376_2104.
I just noticed in the system log lots of error messages but what concerns me most is I see unauthorized attempts at trying to login to the router. The ipaddresses I traced back all come from China. Those damn hackers!
Does anyone else see such unauthorized login attempts in their logs?
Here is cut and paste of some of the ones I see in there now. There are many lines of each attacker but I am just posting a few lines from each ipaddress to save space:
Feb 1 15:40:53 dropbear[1749]: login attempt for nonexistent user from ::ffff:61.174.50.208:52746
Feb 1 15:40:54 dropbear[1749]: login attempt for nonexistent user from ::ffff:61.174.50.208:52746
Feb 1 15:40:54 dropbear[1749]: login attempt for nonexistent user from ::ffff:61.174.50.208:52746
Feb 2 01:51:36 dropbear[3519]: login attempt for nonexistent user from ::ffff:61.174.51.230:13064
Feb 2 01:51:37 dropbear[3519]: login attempt for nonexistent user from ::ffff:61.174.51.230:13064
Feb 2 01:51:37 dropbear[3519]: login attempt for nonexistent user from ::ffff:61.174.51.230:13064
Feb 2 09:32:29 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 09:32:31 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 09:32:32 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 09:32:34 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 15:33:06 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 15:33:07 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 15:33:07 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 15:33:08 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 17:18:26 dropbear[6225]: login attempt for nonexistent user from ::ffff:61.143.236.193:48863
Feb 2 17:18:30 dropbear[6226]: login attempt for nonexistent user from ::ffff:61.143.236.193:49600
Feb 2 17:18:33 dropbear[6227]: login attempt for nonexistent user from ::ffff:61.143.236.193:50284
Feb 2 17:18:36 dropbear[6229]: login attempt for nonexistent user from ::ffff:61.143.236.193:51030
Also I see a lot of these messages in the syslog. What are they from?
Feb 2 23:05:05 miniupnpd[741]: sendto(udp): Operation not permitted
Feb 2 23:06:06 miniupnpd[741]: sendto(udp): Operation not permitted
Feb 2 23:09:11 miniupnpd[741]: sendto(udp): Operation not permitted
I just noticed in the system log lots of error messages but what concerns me most is I see unauthorized attempts at trying to login to the router. The ipaddresses I traced back all come from China. Those damn hackers!
Does anyone else see such unauthorized login attempts in their logs?
Here is cut and paste of some of the ones I see in there now. There are many lines of each attacker but I am just posting a few lines from each ipaddress to save space:
Feb 1 15:40:53 dropbear[1749]: login attempt for nonexistent user from ::ffff:61.174.50.208:52746
Feb 1 15:40:54 dropbear[1749]: login attempt for nonexistent user from ::ffff:61.174.50.208:52746
Feb 1 15:40:54 dropbear[1749]: login attempt for nonexistent user from ::ffff:61.174.50.208:52746
Feb 2 01:51:36 dropbear[3519]: login attempt for nonexistent user from ::ffff:61.174.51.230:13064
Feb 2 01:51:37 dropbear[3519]: login attempt for nonexistent user from ::ffff:61.174.51.230:13064
Feb 2 01:51:37 dropbear[3519]: login attempt for nonexistent user from ::ffff:61.174.51.230:13064
Feb 2 09:32:29 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 09:32:31 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 09:32:32 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 09:32:34 dropbear[4912]: login attempt for nonexistent user from ::ffff:218.2.0.137:16135
Feb 2 15:33:06 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 15:33:07 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 15:33:07 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 15:33:08 dropbear[5900]: login attempt for nonexistent user from ::ffff:122.225.97.73:53189
Feb 2 17:18:26 dropbear[6225]: login attempt for nonexistent user from ::ffff:61.143.236.193:48863
Feb 2 17:18:30 dropbear[6226]: login attempt for nonexistent user from ::ffff:61.143.236.193:49600
Feb 2 17:18:33 dropbear[6227]: login attempt for nonexistent user from ::ffff:61.143.236.193:50284
Feb 2 17:18:36 dropbear[6229]: login attempt for nonexistent user from ::ffff:61.143.236.193:51030
Also I see a lot of these messages in the syslog. What are they from?
Feb 2 23:05:05 miniupnpd[741]: sendto(udp): Operation not permitted
Feb 2 23:06:06 miniupnpd[741]: sendto(udp): Operation not permitted
Feb 2 23:09:11 miniupnpd[741]: sendto(udp): Operation not permitted
Last edited: