# Is my router being attacked?



## erixom (Jan 13, 2019)

We recently have been having some issues with our internet speed being low and the signal going in and out and the router just dying so I was going to do a factory reset on it and try to re set it up. I decided I would just check the system log real quick and I found this all throughout it: 


Spoiler: Router Log entries



Jan 13 02:12:42 dropbear[9819]: Client trying multiple usernames from 36.111.139.7:47305
Jan 13 02:12:42 dropbear[9819]: Login attempt for nonexistent user from 36.111.139.7:47305
Jan 13 02:12:42 dropbear[9819]: Login attempt for nonexistent user from 36.111.139.7:47305
Jan 13 02:12:43 dropbear[9819]: Client trying multiple usernames from 36.111.139.7:47305
Jan 13 02:12:43 dropbear[9819]: Bad password attempt for 'admin' from 36.111.139.7:47305
Jan 13 02:12:44 dropbear[9819]: Client trying multiple usernames from 36.111.139.7:47305
Jan 13 02:12:44 dropbear[9819]: Login attempt for nonexistent user from 36.111.139.7:47305
Jan 13 02:12:44 dropbear[9819]: Login attempt for nonexistent user from 36.111.139.7:47305
Jan 13 02:12:45 dropbear[9819]: Login attempt for nonexistent user from 36.111.139.7:47305
Jan 13 02:12:45 dropbear[9819]: Login attempt for nonexistent user from 36.111.139.7:47305
Jan 13 02:55:36 miniupnpd[1446]: PCP MAP: added mapping UDP 4500->192.168.1.110:4500 'PCP MAP be4f8b826be3cf89111091b9'
Jan 13 02:55:36 miniupnpd[1446]: PCP MAP: added mapping UDP 5353->192.168.1.110:5353 'PCP MAP be4f8b826be3cf89111091b9'
Jan 13 02:56:30 dropbear[11000]: Login attempt for nonexistent user from 188.32.44.227:49628
Jan 13 02:56:31 dropbear[11000]: Login attempt for nonexistent user from 188.32.44.227:49628
Jan 13 02:56:31 dropbear[11000]: Login attempt for nonexistent user from 188.32.44.227:49628
Jan 13 02:56:36 dropbear[11006]: Login attempt for nonexistent user from 188.32.44.227:49632
Jan 13 02:56:37 dropbear[11006]: Login attempt for nonexistent user from 188.32.44.227:49632
Jan 13 02:56:37 dropbear[11006]: Login attempt for nonexistent user from 188.32.44.227:49632
Jan 13 03:06:19 dropbear[11225]: Login attempt for nonexistent user from 46.148.18.163:37566
Jan 13 03:10:11 dropbear[11480]: Login attempt for nonexistent user from 46.148.18.163:55823
Jan 13 03:13:51 dropbear[11557]: Login attempt for nonexistent user from 46.148.18.163:42175
Jan 13 03:17:27 dropbear[11637]: Login attempt for nonexistent user from 46.148.18.163:55818
Jan 13 04:04:37 dropbear[12769]: Login attempt for nonexistent user from 46.148.18.163:50966
Jan 13 04:10:59 dropbear[12982]: Login attempt for nonexistent user from 46.148.18.163:54468
Jan 13 04:14:03 dropbear[13148]: Login attempt for nonexistent user from 46.148.18.163:38090
Jan 13 04:15:17 dropbear[13178]: Login attempt for nonexistent user from 218.236.101.141:60797
Jan 13 04:15:18 dropbear[13178]: Login attempt for nonexistent user from 218.236.101.141:60797
Jan 13 04:15:18 dropbear[13178]: Login attempt for nonexistent user from 218.236.101.141:60797
Jan 13 04:43:43 miniupnpd[1446]: PCP MAP: added mapping UDP 4500->192.168.1.110:4500 'PCP MAP c2c55f1b9427d4224c6618ce'
Jan 13 04:43:43 miniupnpd[1446]: PCP MAP: added mapping UDP 5353->192.168.1.110:5353 'PCP MAP c2c55f1b9427d4224c6618ce'
Jan 13 05:05:23 dropbear[14427]: Login attempt for nonexistent user from 46.148.18.163:56200
Jan 13 05:08:30 dropbear[14505]: Login attempt for nonexistent user from 46.148.18.163:44701
Jan 13 05:11:34 dropbear[14569]: Login attempt for nonexistent user from 46.148.18.163:57170
Jan 13 05:14:33 dropbear[14797]: Login attempt for nonexistent user from 46.148.18.163:40699
Jan 13 05:19:17 dropbear[14958]: Bad password attempt for 'admin' from 14.231.167.83:38327
Jan 13 05:38:52 dropbear[15510]: Login attempt for nonexistent user from 141.145.123.204:44041
Jan 13 06:05:17 dropbear[16126]: Login attempt for nonexistent user from 46.148.18.163:37484
Jan 13 06:08:24 dropbear[16205]: Login attempt for nonexistent user from 46.148.18.163:54396
Jan 13 06:11:27 dropbear[16267]: Login attempt for nonexistent user from 46.148.18.163:38197
Jan 13 06:14:25 dropbear[16491]: Login attempt for nonexistent user from 46.148.18.163:49664
Jan 13 06:31:49 miniupnpd[1446]: PCP MAP: added mapping UDP 4500->192.168.1.110:4500 'PCP MAP 7155a4bbd05dffae19c69da1'
Jan 13 06:31:49 miniupnpd[1446]: PCP MAP: added mapping UDP 5353->192.168.1.110:5353 'PCP MAP 7155a4bbd05dffae19c69da1'
Jan 13 06:50:00 dropbear[17495]: Login attempt for nonexistent user from 89.247.99.147:51836
Jan 13 06:50:01 dropbear[17495]: Login attempt for nonexistent user from 89.247.99.147:51836
Jan 13 06:50:01 dropbear[17495]: Login attempt for nonexistent user from 89.247.99.147:51836
Jan 13 07:40:07 dropbear[18853]: Login attempt for nonexistent user from 139.162.122.110:41412


The entire log was filled with that. Is this anything I should worry about? Should I try to get the ISP to give me a new IP? I did an IP lookup on one just because and it said it was coming from ukraine. Thanks!


----------



## lunarlander (Sep 22, 2007)

These kinds of attacks happen a lot. A lot. If you can find a username that was previously used on the router, then I would be concerned. Because that means someone has already gotten in before. And now that you reset the router, that username is gone. The danger is that if your router has been successfully attacked, then the attacker can intercept your network transmissions. And then, she could move on and attack your PC's .


----------

