[SOLVED] Kernel drop-in... with IP-Cam MAC

[Henk59]

I don't know what it means but it worries me

Jan 19 16:26:59 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=120.68.108.116 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49007 PROTO=TCP SPT=28318 DPT=37777 SEQ=1591163740 ACK=0 WINDOW=43222 RES=0x00 SYN URGP=0
Jan 19 16:27:32 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=31.168.116.118 DST=94.215.59.XX LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=17752 PROTO=TCP SPT=49558 DPT=23 SEQ=2089287680 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (0204058C)
Jan 19 16:28:52 kernel: ACCEPT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:55:cb:01:d9:08:00 SRC=10.202.0.1 DST=255.255.255.255 LEN=331 TOS=0x00 PREC=0x00 TTL=255 ID=58231 PROTO=UDP SPT=67 DPT=68 LEN=311
Jan 19 16:28:52 kernel: ACCEPT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:55:cb:01:d9:08:00 SRC=10.202.0.1 DST=255.255.255.255 LEN=331 TOS=0x00 PREC=0x00 TTL=255 ID=58234 PROTO=UDP SPT=67 DPT=68 LEN=311
Jan 19 16:29:16 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=122.226.189.231 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=103 ID=256 PROTO=TCP SPT=6000 DPT=8080 SEQ=1694236672 ACK=0 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 19 16:29:21 kernel: ACCEPT IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:21:55:cb:01:d9:08:00 SRC=10.202.0.1 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=58315 PROTO=UDP SPT=67 DPT=68 LEN=308
Jan 19 16:31:13 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=221.226.84.122 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30354 PROTO=TCP SPT=17619 DPT=6789 SEQ=1591163740 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 19 16:32:02 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=191.96.249.13 DST=94.215.59.XX LEN=48 TOS=0x00 PREC=0x40 TTL=124 ID=53136 PROTO=TCP SPT=31936 DPT=22 SEQ=451938402 ACK=1824557949 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
Jan 19 16:32:15 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=2.177.183.202 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64308 PROTO=TCP SPT=43138 DPT=7547 SEQ=7443 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 19 16:32:24 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=100.40.4.211 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=47733 PROTO=TCP SPT=25747 DPT=23 SEQ=1591163740 ACK=0 WINDOW=30339 RES=0x00 SYN URGP=0
Jan 19 16:32:58 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=187.67.170.29 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51375 PROTO=TCP SPT=41516 DPT=23 SEQ=4220452864 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 19 16:33:36 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=112.16.208.248 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=27420 PROTO=TCP SPT=46060 DPT=6789 SEQ=1591163740 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 19 16:35:33 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=177.238.155.23 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7340 PROTO=TCP SPT=17222 DPT=23 SEQ=31629 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 19 16:35:42 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=5.202.22.22 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18504 PROTO=TCP SPT=48393 DPT=7547 SEQ=25852 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 19 16:44:48 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=134.249.116.158 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=30965 PROTO=TCP SPT=22497 DPT=23 SEQ=1591163740 ACK=0 WINDOW=19705 RES=0x00 SYN URGP=0
Jan 19 16:45:13 kernel: DROP IN=eth0 OUT= MAC=00:09:fb:00:6c:a3:00:21:55:cb:01:d9:08:00 SRC=134.249.116.158 DST=94.215.59.XX LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=30965 PROTO=TCP SPT=22497 DPT=23 SEQ=1591163740 ACK=0 WINDOW=19705 RES=0x00 SYN URGP=0

A few dozens of different IP's, the leader MAC is from my IP-Cam (I did a factory reset) and then without power,
my router keeps going with Drop-In's.

Any advise, with a brief and clear; how to do, and clean up the 'mesh'
Noot: with OpenVPN then there aren't any Drop-In messages, only during when, without OpenVPN.
The XX means, I cover my ISP IP adress.

 

[ColinTaylor]

That just looks like the normal port scanning activity you get from the internet.

The only unusual thing is the MAC address 00:09:fb:00:6c:a3 which would normally be the address of your Asus' WAN interface. Have you cloned your IP-Cam's address?

PS They are DROP's, not DROP IN's.

 

[RMerlin]

They are mostly connection attempts to SSH. Part of the usual background noise.

IN is for the interface. IN=eth0 means the connection attempt came in on the eth0 interface.

 

[Henk59]

That just looks like the normal port scanning activity you get from the internet.

The only unusual thing is the MAC address 00:09:fb:00:6c:a3 which would normally be the address of your Asus' WAN interface. Have you cloned your IP-Cam's address?

PS They are DROP's, not DROP IN's.

Very good remark, @ColinTalor.

I have a long history of router's and settings about an decennia, at the moment you said MAC Clone,
I looked back in my history file, and somehow it is the same as my IP-Cam, I'll think I changed it by accident, by myself in the past!
The MAC-Clone shoulld ended with ...:46:c6 well it explains alot.

They are mostly connection attempts to SSH. Part of the usual background noise.

IN is for the interface. IN=eth0 means the connection attempt came in on the eth0 interface.

Thank you @Merlin for the important info.