Curious IP address

Hi,

I see weird errors in the logs and also communications from the modem to IP addresses that I don’t understand.

Thanks for your help.

07:41:01, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:12117
07:40:04, 18 Aug 2020,DTR Down ASY 0
07:39:57, 18 Aug 2020,Login failure by root: SSH,SSH
07:39:57, 18 Aug 2020,DTR Up ASY 0
07:39:56, 18 Aug 2020,GP socket connected: x.x.x.x:6785 -> 204.80.7.145:65235
07:39:41, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:10000
07:38:32, 18 Aug 2020,Login failure by root: SSH,SSH
07:38:16, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:14153
07:37:56, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 222.186.180.142:56107
07:37:27, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 218.92.0.216:61577
07:37:00, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:43974
07:35:49, 18 Aug 2020,DTR Down ASY 0
07:35:43, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:28208
07:35:10, 18 Aug 2020,CMD 0 Error Result: =~&H==~&H==~&H==/~p~ V==~&H==~&H==~&H==/~p
07:34:58, 18 Aug 2020,DTR Up ASY 0
07:34:25, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:55011
07:33:23, 18 Aug 2020,WEB Login OK by root lvl 0
07:33:14, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:37304
07:31:59, 18 Aug 2020,Login failure by root: SSH,SSH
07:31:52, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 222.186.30.76:24438
07:31:47, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:42378
07:30:44, 18 Aug 2020,Login failure by root: SSH,SSH
07:30:31, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:61411
07:29:58, 18 Aug 2020,DTR Down ASY 0
07:29:33, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:64749
07:29:10, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:24379
07:27:59, 18 Aug 2020,Login failure by root: SSH,SSH
07:27:52, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:48024
07:27:52, 18 Aug 2020,DTR Up ASY 0
07:27:52, 18 Aug 2020,GP socket connected: x.x.x.x:6785 -> 204.80.7.145:62079
07:27:24, 18 Aug 2020,Cloud connected
07:27:23, 18 Aug 2020,Cloud socket opened
07:27:22, 18 Aug 2020,GP socket connected: x.x.x.x:17159 -> 52.73.23.137:3199

They are bot IP addresses that scan random IP addresses to build a database of devices that can potentially be hacked.

https://www.avast.com/business/resources/what-is-port-scanning

You should not have the SSH port on the public internet. Turn on the firewall features of the router.

You’re being scanned by bots.
What I do is shift SSH to a different port and then move the FW port as well to allow the access.

If you leave SSH on port 22, regardless of the platform, you will be probed continuously.

Cheers,
John
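
Added example, not part of any post in this thread: a short Python triage script that groups the "GP socket connected" events by local port and remote address and tallies login results, so the scanning pattern (a few remote addresses repeatedly reaching port 22, with failed root logins) is visible at a glance. The sample lines are copied from the log in the first post; the regular expressions assume the message formats seen there, and all function and variable names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the log in the first post (local address shown as x.x.x.x there).
SAMPLE_LOG = """\
07:41:01, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:12117
07:39:57, 18 Aug 2020,Login failure by root: SSH,SSH
07:39:56, 18 Aug 2020,GP socket connected: x.x.x.x:6785 -> 204.80.7.145:65235
07:39:41, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 61.177.172.158:10000
07:38:32, 18 Aug 2020,Login failure by root: SSH,SSH
07:37:56, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 222.186.180.142:56107
07:37:27, 18 Aug 2020,GP socket connected: x.x.x.x:22 -> 218.92.0.216:61577
07:33:23, 18 Aug 2020,WEB Login OK by root lvl 0
07:27:22, 18 Aug 2020,GP socket connected: x.x.x.x:17159 -> 52.73.23.137:3199
"""

# Assumed formats, taken from the lines above: "local:port -> remote:port".
SOCKET_RE = re.compile(r"GP socket connected: [^:\s]+:(\d+) -> ([\d.]+):\d+")
FAIL_RE = re.compile(r"Login failure by ([^:]+): (\w+)")
OK_RE = re.compile(r"(\w+) Login OK by (\S+)")

def summarize(log_text):
    """Tally remote IPs per local port, plus failed and successful logins."""
    by_port = defaultdict(Counter)  # local port -> Counter of remote IPs
    failures = Counter()            # (user, service) -> count
    successes = Counter()           # (user, service) -> count
    for line in log_text.splitlines():
        # Events look like "HH:MM:SS, DD Mon YYYY,message".
        parts = line.split(",", 2)
        if len(parts) != 3:
            continue  # continuation lines such as "Lib: SSL routines"
        msg = parts[2].strip()
        if m := SOCKET_RE.match(msg):
            by_port[int(m.group(1))][m.group(2)] += 1
        elif m := FAIL_RE.match(msg):
            failures[(m.group(1), m.group(2))] += 1
        elif m := OK_RE.match(msg):
            successes[(m.group(2), m.group(1))] += 1
    return {"by_port": by_port, "failures": failures, "successes": successes}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for port, remotes in sorted(result["by_port"].items()):
        print(f"local port {port}: {remotes.most_common()}")
    print("failed logins:", dict(result["failures"]))
    print("successful logins:", dict(result["successes"]))
```

A successful login that follows a run of failures for the same user is the line worth checking first against your own activity.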

Thanks for your help.

I just turned off SSH and FTP.
Since then, I have this.

09:21:05, 14 Sep 2020,WEB Login OK by root lvl 0
07:49:04, 14 Sep 2020,Certificate Code Error
Lib: SSL routines
Func: SSL23_GET_CLIENT_HELLO
Reason: http request
05:31:46, 14 Sep 2020,GSM Registration On
05:31:46, 14 Sep 2020,GSM Registration Off
04:50:46, 14 Sep 2020,GSM Registration On
04:50:36, 14 Sep 2020,GSM Registration Off
04:45:36, 14 Sep 2020,GSM Registration On
04:45:16, 14 Sep 2020,GSM Registration Off
04:44:46, 14 Sep 2020,GSM Registration On
04:44:46, 14 Sep 2020,GSM Registration Off
04:32:16, 14 Sep 2020,GSM Registration On
04:32:16, 14 Sep 2020,GSM Registration Off
04:22:46, 14 Sep 2020,GSM Registration On
04:22:37, 14 Sep 2020,GSM Registration Off
03:33:36, 14 Sep 2020,GSM Registration On
03:33:36, 14 Sep 2020,GSM Registration Off
03:15:36, 14 Sep 2020,GSM Registration On
03:15:17, 14 Sep 2020,GSM Registration Off
01:47:56, 14 Sep 2020,GSM Registration On
01:47:56, 14 Sep 2020,GSM Registration Off
01:13:16, 14 Sep 2020,GSM Registration On
01:13:06, 14 Sep 2020,GSM Registration Off
23:00:10, 13 Sep 2020,Certificate Code Error
Lib: SSL routines
Func: ssl3_get_client_hello
Reason: no shared cipher
22:59:16, 13 Sep 2020,Certificate Code Error
Lib: SSL routines
Func: ssl3_get_client_hello
Reason: no shared cipher
22:58:53, 13 Sep 2020,Certificate Code Error
Lib: SSL routines
Func: SSL23_GET_CLIENT_HELLO
Reason: unknown protocol
17:54:12, 13 Sep 2020,Certificate Code Error
Lib: SSL routines
Func: SSL23_GET_CLIENT_HELLO
Reason: http request
17:03:59, 13 Sep 2020,Certificate Code Error
Lib: SSL routines
Func: SSL23_GET_CLIENT_HELLO
Reason: unknown protocol
15:52:16, 13 Sep 2020,GSM Registration On
15:52:16, 13 Sep 2020,GSM Registration Off
15:09:36, 13 Sep 2020,GSM Registration On
15:09:36, 13 Sep 2020,GSM Registration Off
14:48:56, 13 Sep 2020,GSM Registration On
14:48:47, 13 Sep 2020,GSM Registration Off
14:39:06, 13 Sep 2020,GSM Registration On
14:39:06, 13 Sep 2020,GSM Registration Off
13:58:46, 13 Sep 2020,Certificate Code Error

I had the same SSL errors, updated the FW, problem gone.
How did you turn off your ssh and ftp?

The GSM errors look like a loose SIM card to me.

Cheers,
John

Already have FW 8.1.0.1.
In my WR21, I go to Network -> Network Services.
Will check SIM card.

Thanks for your comment.
