Firewall/Security: Am I under attack?

  • Thread starter: tellanand
I use Airtel & Hathway BB connection (w/ OpenWRT). In my "System Log" I see the following messages almost 24x7 (for the past 1 week or so). Fortunately, my firewall seems to be dropping all of them. From the logs, I think someone is trying to launch an attack looking for holes in my firewall.

Couple of things: I tried rebooting the router and/or doing an ifdown/ifup (to reset the public IP address), but this traffic (attack?) comes back immediately. I had DDNS enabled and I thought someone might be using my DDNS to attack my router; I disabled DDNS and even after that this continues.

1. Can someone with the right expertise look into the logs and tell me if you think this is an attack? Is there anything I can do about it?
2. Can anyone else with an Airtel / Hathway connection confirm if they are seeing similar attacks on their routers?
3. I am surprised it's happening on both Airtel and Hathway connections.
4. Is it possible that there is some malware sitting on one of my home devices that's exporting my public IP to an external entity for attack?

Any thoughts to plug this will help.

Thanks in advance.

System Logs:
Fri Aug 28 11:47:14 2020 kern.warn kernel: [31549.086471] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=92.63.197.97 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5130 PROTO=TCP SPT=46974 DPT=7393 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:47:16 2020 kern.warn kernel: [31550.696609] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=92.63.197.97 DST=z.y.x.w LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=23990 PROTO=TCP SPT=46974 DPT=7421 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:47:25 2020 kern.warn kernel: [31560.020572] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=195.54.167.94 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=44913 PROTO=TCP SPT=42449 DPT=13980 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:47:26 2020 kern.warn kernel: [31560.456037] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=85.232.214.125 DST=z.y.x.w LEN=48 TOS=0x00 PREC=0x00 TTL=61 ID=4449 DF PROTO=UDP SPT=62995 DPT=6881 LEN=28 MARK=0x3f00
Fri Aug 28 11:47:37 2020 kern.warn kernel: [31571.608798] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=185.132.53.229 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=37988 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:47:38 2020 kern.warn kernel: [31573.195193] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=124.13.18.35 DST=z.y.x.w LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=60594 DF PROTO=TCP SPT=54954 DPT=6881 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:47:49 2020 kern.warn kernel: [31583.618197] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=185.175.93.23 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56533 PROTO=TCP SPT=46943 DPT=3565 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:47:50 2020 kern.warn kernel: [31584.696522] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=185.175.93.23 DST=z.y.x.w LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24726 PROTO=TCP SPT=46943 DPT=4614 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:48:04 2020 kern.warn kernel: [31599.016346] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=92.63.197.97 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=6073 PROTO=TCP SPT=46974 DPT=7898 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:48:08 2020 kern.warn kernel: [31602.660829] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=102.132.177.33 DST=z.y.x.w LEN=131 TOS=0x08 PREC=0x00 TTL=110 ID=8478 PROTO=UDP SPT=23319 DPT=6881 LEN=111 MARK=0x3f00
Fri Aug 28 11:48:16 2020 kern.warn kernel: [31610.436596] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=120.29.73.9 DST=z.y.x.w LEN=131 TOS=0x08 PREC=0x00 TTL=110 ID=42492 PROTO=UDP SPT=28676 DPT=6881 LEN=111 MARK=0x3f00
Fri Aug 28 11:48:17 2020 kern.warn kernel: [31611.455464] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=184.105.139.67 DST=w.x.y.z LEN=113 TOS=0x00 PREC=0x00 TTL=56 ID=22927 DF PROTO=UDP SPT=32124 DPT=161 LEN=93 MARK=0x3f00
Fri Aug 28 11:48:25 2020 kern.warn kernel: [31619.793278] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=185.175.93.23 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=13139 PROTO=TCP SPT=46943 DPT=4092 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:48:28 2020 kern.warn kernel: [31623.000647] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=112.206.9.71 DST=z.y.x.w LEN=48 TOS=0x00 PREC=0x00 TTL=61 ID=57393 DF PROTO=UDP SPT=9376 DPT=6881 LEN=28 MARK=0x3f00
Fri Aug 28 11:48:36 2020 kern.warn kernel: [31631.100421] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=185.175.93.23 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=25015 PROTO=TCP SPT=46943 DPT=4035 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:48:38 2020 kern.warn kernel: [31632.462194] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=170.84.11.71 DST=z.y.x.w LEN=131 TOS=0x00 PREC=0x00 TTL=107 ID=21344 PROTO=UDP SPT=15623 DPT=6881 LEN=111 MARK=0x3f00
Fri Aug 28 11:48:47 2020 kern.warn kernel: [31642.366280] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=49.206.7.130 DST=w.x.y.z LEN=72 TOS=0x00 PREC=0x20 TTL=57 ID=24339 PROTO=UDP SPT=16637 DPT=57318 LEN=52 MARK=0x3f00
Fri Aug 28 11:48:54 2020 kern.warn kernel: [31648.707320] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=49.37.133.69 DST=z.y.x.w LEN=48 TOS=0x00 PREC=0x00 TTL=61 ID=41166 DF PROTO=UDP SPT=40773 DPT=6881 LEN=28 MARK=0x3f00
Fri Aug 28 11:49:03 2020 kern.warn kernel: [31657.621576] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=92.63.197.97 DST=z.y.x.w LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=58348 PROTO=TCP SPT=46974 DPT=8012 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:03 2020 kern.warn kernel: [31658.136553] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=92.63.197.97 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=38738 PROTO=TCP SPT=46974 DPT=7031 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:11 2020 kern.warn kernel: [31666.367924] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=134.209.243.207 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=57599 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:14 2020 kern.warn kernel: [31669.379475] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=124.95.141.149 DST=z.y.x.w LEN=60 TOS=0x08 PREC=0x00 TTL=43 ID=46620 DF PROTO=TCP SPT=43482 DPT=7001 WINDOW=14600 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:25 2020 kern.warn kernel: [31679.791536] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=195.54.161.59 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=16038 PROTO=TCP SPT=40245 DPT=4038 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:26 2020 kern.warn kernel: [31681.309082] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=60.147.7.78 DST=z.y.x.w LEN=52 TOS=0x08 PREC=0x00 TTL=111 ID=44042 DF PROTO=TCP SPT=56040 DPT=6881 WINDOW=64240 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:38 2020 kern.warn kernel: [31692.398860] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=185.175.93.23 DST=z.y.x.w LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2134 PROTO=TCP SPT=46943 DPT=4783 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:44 2020 kern.warn kernel: [31698.951135] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=185.175.93.24 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=11059 PROTO=TCP SPT=46914 DPT=2856 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:49:53 2020 kern.warn kernel: [31707.837228] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=92.63.197.97 DST=w.x.y.z LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=6908 PROTO=TCP SPT=46974 DPT=7068 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:50:09 2020 kern.warn kernel: [31723.644074] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=36.33.132.248 DST=z.y.x.w LEN=40 TOS=0x00 PREC=0x00 TTL=40 ID=63043 PROTO=TCP SPT=13155 DPT=23 WINDOW=853 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:50:10 2020 kern.warn kernel: [31724.640446] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=185.175.93.24 DST=z.y.x.w LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=5812 PROTO=TCP SPT=46914 DPT=1591 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:50:10 2020 kern.warn kernel: [31724.709013] DROP wan in: IN=pppoe-wana OUT= MAC= SRC=185.232.65.124 DST=w.x.y.z LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=19877 DF PROTO=TCP SPT=56276 DPT=6379 WINDOW=29200 RES=0x00 SYN URGP=0 MARK=0x3f00
Fri Aug 28 11:50:21 2020 kern.warn kernel: [31736.052148] DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=185.175.93.23 DST=z.y.x.w LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27049 PROTO=TCP SPT=46943 DPT=3553 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x3f00
 
It is the bots scanning the whole internet for exploiting known vulnerabilities. This happens on all public IPs.

If you have an up-to-date OpenWRT version, a strong password, good firewall policies and have not port forwarded vulnerable services, especially RDP, then no need to worry.
It is better to disable LuCI interface access from WAN.
 
Upvote 2
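
Added example (not part of the original thread or of OpenWRT): a Python triage of the `DROP wan in` log lines posted above. It groups dropped packets by source and destination port, so sources sweeping many ports stand out from probes of single well-known services. The function names, port labels and threshold are assumptions of this example; the sample lines are abridged from the post's log.

```python
import re
from collections import defaultdict

# Conventional uses of ports seen in the log (labels chosen for this example).
KNOWN = {22: "SSH", 23: "Telnet", 161: "SNMP", 6379: "Redis", 6881: "BitTorrent"}

# Sample input: lines abridged from the log in the post (timestamps and some fields trimmed).
SAMPLE = """\
DROP wan in: IN=pppoe-wana OUT= MAC= SRC=92.63.197.97 DST=w.x.y.z PROTO=TCP SPT=46974 DPT=7393 WINDOW=1024 SYN
DROP wan in: IN=pppoe-wana OUT= MAC= SRC=92.63.197.97 DST=w.x.y.z PROTO=TCP SPT=46974 DPT=7898 WINDOW=1024 SYN
DROP wan in: IN=pppoe-wana OUT= MAC= SRC=92.63.197.97 DST=w.x.y.z PROTO=TCP SPT=46974 DPT=7031 WINDOW=1024 SYN
DROP wan in: IN=pppoe-wana OUT= MAC= SRC=185.132.53.229 DST=w.x.y.z PROTO=TCP SPT=37988 DPT=22 WINDOW=65535 SYN
DROP wan in: IN=pppoe-wana OUT= MAC= SRC=134.209.243.207 DST=w.x.y.z PROTO=TCP SPT=57599 DPT=22 WINDOW=65535 SYN
DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=85.232.214.125 DST=z.y.x.w PROTO=UDP SPT=62995 DPT=6881 LEN=28
DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=124.13.18.35 DST=z.y.x.w PROTO=TCP SPT=54954 DPT=6881 WINDOW=64240 SYN
DROP wan in: IN=pppoe-wana OUT= MAC= SRC=184.105.139.67 DST=w.x.y.z PROTO=UDP SPT=32124 DPT=161 LEN=93
DROP wan in: IN=pppoe-wanh OUT= MAC= SRC=36.33.132.248 DST=z.y.x.w PROTO=TCP SPT=13155 DPT=23 WINDOW=853 SYN
"""

def parse(line):
    """Return (src, proto, dport) for a 'DROP wan in' line, else None."""
    if "DROP wan in:" not in line:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", line))  # KEY=value pairs; empty values allowed
    if not {"SRC", "PROTO", "DPT"} <= fields.keys():  # e.g. ICMP has no DPT
        return None
    return fields["SRC"], fields["PROTO"], int(fields["DPT"])

def summarize(text, scan_threshold=3):
    """Return (sources hitting >= scan_threshold distinct ports, source count per known service)."""
    ports_by_src = defaultdict(set)
    srcs_by_service = defaultdict(set)
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, proto, dport = rec
        ports_by_src[src].add(dport)
        srcs_by_service[(proto, dport)].add(src)
    scanners = {s: sorted(p) for s, p in ports_by_src.items() if len(p) >= scan_threshold}
    services = {f"{proto}/{port} {KNOWN[port]}": len(srcs)
                for (proto, port), srcs in srcs_by_service.items() if port in KNOWN}
    return scanners, services

if __name__ == "__main__":
    scanners, services = summarize(SAMPLE)
    for src, ports in scanners.items():
        print(f"port sweep from {src}: {ports}")
    for name, count in sorted(services.items()):
        print(f"{name}: {count} distinct source(s)")
```

On the router, the same function can be fed the output of `logread` saved to a file.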
