Any idea what this "wpa-supplicant" message means in a Ubiquiti AirOS log file? wpa-supplicant: WPA: Group rekeying completed with de:ad:be:ef:ca:fe [GTK=CCMP]
I get this in between brute force attacks by foreign IP addresses:
----- [ many connection attempts of the following type, ending with this one below] Dec 3 15:03:06 dropbear[44343]: Child connection from ::ffff:46.22.129.47:42348 Dec 3 15:03:09 dropbear[44343]: login attempt for nonexistent user from ::ffff:112.4.172.208:42348 Dec 3 15:03:10 dropbear[44343]: exit before auth: Disconnect received
------ Dec 3 15:03:25 wpa-supplicant: WPA: Group rekeying completed with de:ad:be:ef:ca:fe [GTK=CCMP] Dec 3 15:03:25 wpa-supplicant: WPA: Group rekeying completed with de:ad:be:ef:ca:fe [GTK=CCMP] Dec 3 15:03:25 wpa-supplicant: WPA: Group rekeying completed with de:ad:be:ef:ca:fe [GTK=CCMP] Dec 3 15:03:25 wpa-supplicant: WPA: Group rekeying completed with de:ad:be:ef:ca:fe [GTK=CCMP] Dec 3 15:03:25 wpa-supplicant: WPA: Group rekeying completed with de:ad:be:ef:ca:fe [GTK=CCMP]
----- Dec 3 15:08:32 dropbear[48564]: Child connection from ::ffff:61.142.106.34:42933 Dec 3 15:08:36 dropbear[48564]: login attempt for nonexistent user from ::ffff:61.142.106.26:42933 Dec 3 15:08:39 dropbear[48564]: exit before auth: Disconnect received [ many connection attempts of the following type, starting with this one above]
-----
I'm using WPA2-PSK to connect to the SSID of the WISP provider, and in the AirOS log file, I noticed what appeared to be hundreds of brute force attacks to the "dropbear" process (i.e., SSH) on various ports.
Then, in between two different sets of attacks, I see this "wpa-supplicant" message. I don't use WPA (I'm using WPA2-PSK to connect to my WISP SSID).
Do you know what these "wpa-supplicant" messages indicate?