Unknown or Unauthorized Access
Posted: Fri Aug 28, 2015 11:58 pm
I've noticed from both my Gargoyle routers running v1.8 that the log captures public attempts to log in to the router. The IP addresses vary, but when I tried one out (not the IPs listed below), I got someone's QNAP NAS... and they had factory default passwords! Below is an example of what I'm seeing on a router that has only 32 Mb of memory and no TOR. It's an Asus WL500G Premium v2. I also observed this issue with a Buffalo WZR-HP-G300NH2 which did have TOR. On both I did download some plugins and themes.
What is this?....
Fri Aug 28 22:17:46 2015 authpriv.info dropbear[8087]: Child connection from 43.229.53.16:59685
Fri Aug 28 22:17:52 2015 authpriv.info dropbear[8087]: Exit before auth: Disconnect received
Fri Aug 28 22:36:54 2015 authpriv.info dropbear[8092]: Child connection from 201.76.116.157:58515
Fri Aug 28 22:37:02 2015 authpriv.warn dropbear[8092]: Bad password attempt for 'root' from 201.76.116.157:58515
Fri Aug 28 22:37:02 2015 authpriv.info dropbear[8092]: Exit before auth (user 'root', 1 fails): Exited normally
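Added example, not part of the original post: a small Python summarizer for dropbear log lines like the ones quoted above, counting inbound SSH connections, failed password attempts and pre-auth exits per source address. The sample input is the five lines from the post; the function name `summarize` and the output layout are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample input: the five dropbear lines quoted in the post above.
SAMPLE_LOG = """\
Fri Aug 28 22:17:46 2015 authpriv.info dropbear[8087]: Child connection from 43.229.53.16:59685
Fri Aug 28 22:17:52 2015 authpriv.info dropbear[8087]: Exit before auth: Disconnect received
Fri Aug 28 22:36:54 2015 authpriv.info dropbear[8092]: Child connection from 201.76.116.157:58515
Fri Aug 28 22:37:02 2015 authpriv.warn dropbear[8092]: Bad password attempt for 'root' from 201.76.116.157:58515
Fri Aug 28 22:37:02 2015 authpriv.info dropbear[8092]: Exit before auth (user 'root', 1 fails): Exited normally
"""

LINE = re.compile(r"dropbear\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"Child connection from (?P<ip>[0-9A-Fa-f.:]+):\d+$")
BAD_PW = re.compile(r"Bad password attempt for '(?P<user>[^']*)' from (?P<ip>[0-9A-Fa-f.:]+):\d+$")
PREAUTH_EXIT = re.compile(r"Exit before auth")


def summarize(log_text):
    """Return {source_ip: {"connections", "bad_passwords", "preauth_exits", "users"}}."""
    stats = defaultdict(lambda: {"connections": 0, "bad_passwords": 0,
                                 "preauth_exits": 0, "users": set()})
    pid_to_ip = {}  # in the sample, one dropbear pid covers one connection's lines
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a dropbear line
        pid, msg = m.group("pid"), m.group("msg")
        if (c := CONNECT.match(msg)):
            pid_to_ip[pid] = c.group("ip")
            stats[c.group("ip")]["connections"] += 1
        elif (b := BAD_PW.match(msg)):
            stats[b.group("ip")]["bad_passwords"] += 1
            stats[b.group("ip")]["users"].add(b.group("user"))
        elif PREAUTH_EXIT.match(msg) and pid in pid_to_ip:
            # Exit lines carry no address, so attribute them via the pid.
            stats[pid_to_ip.pop(pid)]["preauth_exits"] += 1
    return dict(stats)


if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s["connections"], s["bad_passwords"], s["preauth_exits"], sorted(s["users"]))
```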