1. Home
  2. Wireless Networking
  3. My router is under constant brute force atack every day. here is the log

My router is under constant brute force atack every day. here is the log

As soon i see that someone is atacking i block his ip in the firewall.But no sucsess,he is changing ip every time.Device Airgrid m5 hp.

Oct 15 14:48:10 dropbear[16537]: Child connection from ::ffff:91.230.60.21:49295 Oct 15 14:48:14 dropbear[16537]: login attempt for nonexistent user from ::ffff:91.230.60.21:49295 Oct 15 14:48:14 dropbear[16537]: exit before auth: Disconnect received Oct 15 14:48:15 dropbear[16550]: Child connection from ::ffff:91.230.60.21:51560 Oct 15 14:48:17 dropbear[16550]: login attempt for nonexistent user from ::ffff:91.230.60.21:51560 Oct 15 14:48:17 dropbear[16550]: exit before auth: Disconnect received Oct 15 14:48:17 dropbear[16552]: Child connection from ::ffff:91.230.60.21:52941 Oct 15 14:48:19 dropbear[16552]: login attempt for nonexistent user from ::ffff:91.230.60.21:52941 Oct 15 14:48:20 dropbear[16552]: exit before auth: Disconnect received Oct 15 14:48:20 dropbear[16554]: Child connection from ::ffff:91.230.60.21:54138 Oct 15 14:48:22 dropbear[16554]: login attempt for nonexistent user from ::ffff:91.230.60.21:54138 Oct 15 14:48:23 dropbear[16554]: exit before auth: Disconnect received Oct 15 14:48:23 dropbear[16557]: Child connection from ::ffff:91.230.60.21:55529 Oct 15 14:48:25 dropbear[16557]: login attempt for nonexistent user from ::ffff:91.230.60.21:55529 Oct 15 14:48:26 dropbear[16557]: exit before auth: Disconnect received Oct 15 14:48:26 dropbear[16559]: Child connection from ::ffff:91.230.60.21:57170 Oct 15 14:48:28 dropbear[16559]: login attempt for nonexistent user from ::ffff:91.230.60.21:57170 Oct 15 14:48:29 dropbear[16559]: exit before auth: Disconnect received Oct 15 14:48:29 dropbear[16564]: Child connection from ::ffff:91.230.60.21:58515 Oct 15 14:48:33 dropbear[16564]: login attempt for nonexistent user from ::ffff:91.230.60.21:58515 Oct 15 14:48:33 dropbear[16564]: exit before auth: Disconnect received Oct 15 14:48:34 dropbear[16568]: Child connection from ::ffff:91.230.60.21:60884 Oct 15 14:48:35 dropbear[16568]: login attempt for nonexistent user from ::ffff:91.230.60.21:60884 Oct 15 14:48:36 dropbear[16568]: exit before auth: Disconnect received Oct 15 14:48:36 dropbear[16569]: Child connection from ::ffff:91.230.60.21:34065 Oct 15 14:48:38 dropbear[16569]: login attempt for nonexistent user from ::ffff:91.230.60.21:34065 Oct 15 14:48:39 dropbear[16569]: exit before auth: Disconnect received Oct 15 14:48:39 dropbear[16570]: Child connection from ::ffff:91.230.60.21:35196 Oct 15 14:48:40 dropbear[16570]: login attempt for nonexistent user from ::ffff:91.230.60.21:35196 Oct 15 14:48:41 dropbear[16570]: exit before auth: Disconnect received Oct 15 14:48:41 dropbear[16571]: Child connection from ::ffff:91.230.60.21:36319 Oct 15 14:48:43 dropbear[16571]: login attempt for nonexistent user from ::ffff:91.230.60.21:36319 Oct 15 14:48:44 dropbear[16571]: exit before auth: Disconnect received Oct 15 14:48:44 dropbear[16574]: Child connection from ::ffff:91.230.60.21:37894 Oct 15 14:48:47 dropbear[16574]: login attempt for nonexistent user from ::ffff:91.230.60.21:37894 Oct 15 14:48:48 dropbear[16574]: exit before auth: Disconnect received Oct 15 14:48:48 dropbear[16575]: Child connection from ::ffff:91.230.60.21:39536 Oct 15 14:48:50 dropbear[16575]: login attempt for nonexistent user from ::ffff:91.230.60.21:39536 Oct 15 14:48:51 dropbear[16575]: exit before auth: Disconnect received Oct 15 14:48:51 dropbear[16576]: Child connection from ::ffff:91.230.60.21:40920 Oct 15 14:48:53 dropbear[16576]: login attempt for nonexistent user from ::ffff:91.230.60.21:40920 Oct 15 14:48:54 dropbear[16576]: exit before auth: Disconnect received Oct 15 14:48:54 dropbear[16577]: Child connection from ::ffff:91.230.60.21:42224 Oct 15 14:48:56 dropbear[16577]: login attempt for nonexistent user from ::ffff:91.230.60.21:42224 Oct 15 14:48:56 dropbear[16577]: exit before auth: Disconnect received Oct 15 14:48:56 dropbear[16578]: Child connection from ::ffff:91.230.60.21:43625 Oct 15 14:48:59 dropbear[16578]: login attempt for nonexistent user from ::ffff:91.230.60.21:43625 Oct 15 14:48:59 dropbear[16578]: exit before auth: Disconnect received Oct 15 14:48:59 dropbear[16579]: Child connection from ::ffff:91.230.60.21:44981 Oct 15 14:49:02 dropbear[16579]: login attempt for nonexistent user from ::ffff:91.230.60.21:44981 Oct 15 14:49:02 dropbear[16579]: exit before auth: Disconnect received Oct 15 14:49:03 dropbear[16580]: Child connection from ::ffff:91.230.60.21:46087 Oct 15 14:49:04 dropbear[16580]: login attempt for nonexistent user from ::ffff:91.230.60.21:46087 Oct 15 14:49:05 dropbear[16580]: exit before auth: Disconnect received Oct 15 14:49:05 dropbear[16581]: Child connection from ::ffff:91.230.60.21:47261 Oct 15 14:49:07 dropbear[16581]: login attempt for nonexistent user from ::ffff:91.230.60.21:47261 Oct 15 14:49:08 dropbear[16581]: exit before auth: Disconnect received Oct 15 14:49:08 dropbear[16582]: Child connection from ::ffff:91.230.60.21:48630 Oct 15 14:49:10 dropbear[16582]: login attempt for nonexistent user from ::ffff:91.230.60.21:48630 Oct 15 14:49:17 dropbear[16583]: Child connection from ::ffff:91.230.60.21:50498

Reply to
Unknown89
Loading thread data ...

Are you in Russia?

I'm probably out of my league here, but how does some client from the aether even have an ip address? Doesn't your router assign the IP?

Have you tried to change your SSID? There is a possibility that someone has your SSID on their list of APs.

Reply to
miso

What does "no success" mean? Are you saying your firewall isn't stopping unsolicited inbound traffic? If so, it's time to find another firewall.

Actually, if it bugs you that your firewall is being pounded by strangers, just put another firewall in front of it. In other words, you're not going to stop people from knocking. All you can do is not open the door, and any firewall can be configured to do that.

Reply to
Char Jackson

Why would you waste your time doing that?

Reply to
DevilsPGD

Not that I am promoting such tactics but here is one that has kept those pests in check for me and usually results in them leaving the network for quite a while...

I have been known to keep an old offline 286 computer which is just chock full of virus, trojans, and key loggers (pointing to god knows where) that I bring out on occasions like this.

It can be fun to temporarily replace my present router with an old spare unit set with the same SSID as my usual network but with no wireless security and let them have at it. I keep the router disconnected from my ISP in order to keep them off my back about an infected machine. Only my "suspect" PC is attached to the router with no firewalls or anti-virus programs on the box so they usually have a great time mucking about the machine.

True the box had been wiped using Dban prior to installing the present OS on it. Only freeware and unused shareware are loaded in the vicariously named sub directories. As for what else is on the box I have no actual proof other than what various virus removal tools advise that the box contains after it was left attached to a libraries public network for a month's worth of attacks by those who thought they had found clueless newbie's machine on the network. Nice living close enough to the library to actually use their Ethernet feed for emergencies and such...

After using it for a while I reformat the box and put an image copy of the identical system back on the hard drive and put it away until it's needed again.

Reply to
GlowingBlueMist

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.