
Under attack? Tons of child connections attempts and tons of network issues


lalord69

Occasional Visitor
Running rt86u on Merlin 384.17

I was having tons of drop issues, so I decided to update to .17 and redo my whole setup (including a new SSID), and I still have issues like losing connection, either eth or wifi.

My concern at this time is that I'm looking at my log and I got tons of child connection attempts:


May 5 19:23:50 dropbear[16091]: Child connection from 92.63.194.104:37221
May 5 19:23:51 dropbear[16091]: Bad password attempt for 'admin' from 92.63.194.104:37221
May 5 19:23:51 dropbear[16091]: Exit before auth (user 'admin', 1 fails): Exited normally
May 5 19:23:52 dropbear[16096]: Child connection from 92.63.194.105:36057
May 5 19:23:52 dropbear[16096]: Bad password attempt for 'admin' from 92.63.194.105:36057
May 5 19:23:53 dropbear[16096]: Exit before auth (user 'admin', 1 fails): Exited normally
May 5 19:23:53 dropbear[16102]: Child connection from 92.63.194.106:41021
May 5 19:23:54 dropbear[16102]: Login attempt for nonexistent user from 92.63.194.106:41021
May 5 19:23:55 dropbear[16102]: Exit before auth: Exited normally

And this is just a little bit of the huge log.


I am running a VPN connected to PIA with rules for only certain IPs to VPN only, and also have diverse installed.

I can share the log with someone who is willing to help.
 
You have enabled SSH access from the internet. Turn it off immediately.

I just set it to LAN only and also added access to SSH and web UI from 2 local IPs. Also changed the default SSH port to something else. I am about to change my router login password info too.

Should I be concerned at this time? Anything else I can do on my part?
 
If any of the connection attempts were successful (and if they were, I'm sure they were promptly removed from the logs), I would flash the router again and reset to factory defaults as fully as possible without being connected to the internet. Use new passwords only after you disconnect from the net. Don't plug in any USB drives you had plugged in previously.

This post may help to fully wipe the router.

https://www.snbforums.com/threads/ax88-packet-loss.62891/#post-563326

Remember, do the steps indicated with no internet connection at all to the router.

Afterward, the M&M Config and possibly the Nuclear Reset guides may be of further use. Please see the link to those guides in my signature below. :)
 
Should I be concerned at this time? Anything else I can do on my part?
If you were using a reasonably complex password you are probably OK. Go through all the router's config pages and check that they look correct. Pay particular attention to the VPN, DDNS and remote access settings. If in doubt do a factory reset and a manual configuration using new passwords.
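
An added example, not part of any post in this thread: a small Python script that triages dropbear syslog lines like the ones quoted in the first post, counting failed attempts per source address and flagging any successful login that came from outside the LAN. The LAN subnet and the sample log are assumptions constructed for illustration; the "auth succeeded" wording is the message dropbear writes on a successful login.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the router's LAN subnet; change it to match your network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample in the format of the excerpt above. Addresses are
# documentation/LAN placeholders; the "succeeded" lines are invented.
SAMPLE_LOG = """\
May 5 19:23:50 dropbear[16091]: Child connection from 203.0.113.4:37221
May 5 19:23:51 dropbear[16091]: Bad password attempt for 'admin' from 203.0.113.4:37221
May 5 19:23:51 dropbear[16091]: Exit before auth (user 'admin', 1 fails): Exited normally
May 5 19:23:53 dropbear[16102]: Child connection from 203.0.113.6:41021
May 5 19:23:54 dropbear[16102]: Login attempt for nonexistent user from 203.0.113.6:41021
May 5 19:23:55 dropbear[16102]: Exit before auth: Exited normally
May 5 19:24:11 dropbear[16110]: Password auth succeeded for 'admin' from 192.168.1.20:50122
May 5 19:25:02 dropbear[16120]: Password auth succeeded for 'admin' from 203.0.113.9:40400
"""

# "<message> from <ipv4>:<port>" as written by dropbear to syslog.
LINE = re.compile(r"dropbear\[\d+\]: (?P<msg>.*?) from (?P<ip>\d+(?:\.\d+){3}):\d+$")
FAILED = ("Bad password attempt", "Login attempt for nonexistent user")


def summarize(log_text, lan=LAN):
    """Return (failed attempts per source IP, successful logins from outside the LAN)."""
    failures = Counter()
    external_logins = []
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue  # e.g. "Exit before auth" lines carry no address
        ip, msg = m["ip"], m["msg"]
        if msg.startswith(FAILED):
            failures[ip] += 1
        elif "auth succeeded" in msg and ipaddress.ip_address(ip) not in lan:
            external_logins.append((ip, msg))
    return failures, external_logins


if __name__ == "__main__":
    failures, external_logins = summarize(SAMPLE_LOG)
    for ip, count in failures.most_common():
        print(f"{count:4d} failed attempts from {ip}")
    for ip, msg in external_logins:
        print(f"REVIEW: {msg} from {ip}")
```

An empty list of external logins is not proof of safety, since, as noted in the reply above, entries could have been removed from the log.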
 
