1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can someone decode this log for me?

Discussion in 'Tomato Firmware' started by fubdap, Jan 19, 2011.

  1. fubdap

    fubdap Addicted to LI Member

    I was reviewing my logs today and I found these entires. Can someome please tell me what is going on?


    Jan 18 11:27:05 HiTech authpriv.warn dropbear[18635]: bad password attempt for 'root' from ::ffff:109.123.94.242:33443
    Jan 18 11:27:05 HiTech authpriv.info dropbear[18635]: exit before auth (user 'root', 1 fails): Disconnect received
    Jan 18 11:28:34 HiTech authpriv.warn dropbear[18636]: bad password attempt for 'root' from ::ffff:109.123.94.242:45258
    Jan 18 11:28:34 HiTech authpriv.info dropbear[18636]: exit before auth (user 'root', 1 fails): Disconnect received
    Jan 18 11:29:57 HiTech authpriv.warn dropbear[18637]: bad password attempt for 'root' from ::ffff:109.123.94.242:57072
    Jan 18 11:29:57 HiTech authpriv.info dropbear[18637]: exit before auth (user 'root', 1 fails): Disconnect received
    Jan 18 11:31:23 HiTech authpriv.warn dropbear[18638]: bad password attempt for 'root' from ::ffff:109.123.94.242:38151
    Jan 18 11:31:24 HiTech authpriv.info dropbear[18638]: exit before auth (user 'root', 1 fails): Disconnect received
    Jan 18 11:34:16 HiTech authpriv.warn dropbear[18652]: bad password attempt for 'root' from ::ffff:109.123.94.242:33540
    Jan 18 11:34:16 HiTech authpriv.info dropbear[18652]: exit before auth (user 'root', 1 fails): Disconnect received
     
  2. WRobertE

    WRobertE Addicted to LI Member

    It appears that the SSH service is running on your router and someone is trying various passwords in an attempt to establish an SSH session (I.E. command line session) to your router.

    If you don't need the SSH feature, then you should go to Administration -> Admin Access. Under the 'SSH Daemon' section, ensure that 'Enable at startup' is not checked and click 'Save' at the bottom of the page. If the daemon is running, it will be stopped and it won't restart if your router reboots.

    If you do need the SSH daemon, I suggest setting up the service to use public / private keys for SSH access.
     
  3. fubdap

    fubdap Addicted to LI Member

    Thanks for your suggestion. I will disable SSH immediately. I don't use it that often.

     

Share This Page