On 2017/8/15 17:50, Roy wrote: > Dropbear is the SSH server. > > 192.168.11.1 is connecting on port 22 to the radio and then > disconnecting without trying to authenticate. > > Its a usual sign of network monitoring.
Monitoring SSH every 30 seconds is a bit unusual. Every 5 minutes or so would seem to be more reasonable. Attacks/probes of a router's external IP address via a DMZ or port forward / dst-nat rule, can come quickly. I'm not sure if any bots are trying every 30 seconds or not. What is 192.168.11.1? The router? What brand/model? Does it have port forwards or dst-nat rules? > On 8/15/2017 3:41 PM, Eric Williams SDWISP wrote: >> >> Need some help here My AP is 192.168.11.9 and the SU is 11.10 and log >> is showing Child connection to 11.1 ? >> >> >> >> Help as I do not understand the log ? >> >> >> >> Thanks. >> >> >> >> My link is perfect ! >> >> >> >> >> >> >> >> System Log >> >> Aug 15 14:29:02 sd_wisp: Messages cleared. >> >> Aug 15 14:29:31 dropbear[1886]: Child connection from >> ::ffff:192.168.11.1:38284 >> >> Aug 15 14:29:31 dropbear[1886]: exit before auth: Exited normally >> >> Aug 15 14:30:01 dropbear[1938]: Child connection from >> ::ffff:192.168.11.1:38487 >> >> Aug 15 14:30:01 dropbear[1938]: exit before auth: Exited normally >> >> Aug 15 14:30:31 dropbear[2024]: Child connection from >> ::ffff:192.168.11.1:38690 >> >> Aug 15 14:30:31 dropbear[2024]: exit before auth: Exited normally >> >> Aug 15 14:31:01 dropbear[2037]: Child connection from >> ::ffff:192.168.11.1:38893 >> >> Aug 15 14:31:01 dropbear[2037]: exit before auth: Exited normally >> >> Aug 15 14:31:31 dropbear[2050]: Child connection from >> ::ffff:192.168.11.1:39095 >> >> Aug 15 14:31:31 dropbear[2050]: exit before auth: Exited normally >> >> Aug 15 14:32:01 dropbear[2063]: Child connection from >> ::ffff:192.168.11.1:39299 >> >> Aug 15 14:32:01 dropbear[2063]: exit before auth: Exited normally >> >> Aug 15 14:32:31 dropbear[2077]: Child connection from >> ::ffff:192.168.11.1:39502 >> >> Aug 15 14:32:31 dropbear[2077]: exit before auth: Exited normally >> >> Aug 15 14:33:01 dropbear[2090]: Child connection from >> ::ffff:192.168.11.1:39704 >> >> Aug 15 14:33:01 dropbear[2090]: exit before auth: Exited normally >> >> Aug 15 14:33:31 dropbear[2103]: Child connection from >> ::ffff:192.168.11.1:39908 >> >> Aug 15 14:33:31 dropbear[2103]: exit before auth: Exited normally >> >> Aug 15 14:34:01 dropbear[2117]: Child connection from >> ::ffff:192.168.11.1:40110 >> >> Aug 15 14:34:01 dropbear[2117]: exit before auth: Exited normally >> >> >> >> >> >> >> >> >> >> > > > > _______________________________________________ > Ubnt_users mailing list > Ubnt_users@wispa.org > http://lists.wispa.org/mailman/listinfo/ubnt_users > -- Scott Lambert KC5MLE Unix SysAdmin lamb...@lambertfam.org _______________________________________________ Ubnt_users mailing list Ubnt_users@wispa.org http://lists.wispa.org/mailman/listinfo/ubnt_users