I looked through my log more carefully and interestingly, the connection was closed immediately after it was opened. Those have always been my settings (disabled remote access) - and that's why this does not make any sense at all. Please DO NOT PM me with questions Ask in the forum. Why Should I Care What Color the Bikeshed Is‽.Official Forum Rules, Guidelines & Helpful Information.I don't think the "allow any IP" is effective until remote management of WebUI, ssh, or telnet is enabled.
DROPBEAR SSH SERVER ON ROUTER MANUAL
Do I need to do something else to ensure no one can access my router from outside my LAN>Īny advice on what to do? My best guess is:ġ) Disable SSH under services immediatelyĢ) Make a manual note of all my settings (on paper as I don't know if doing a router backup and restoring settings would somehow allow this access to happen again)ģ) Reflash the firmware with a reset of all settingsĪre those the settings you had set up when this happened? If so, then something is definitely amiss if a remote client from the internet connected and was able to login. Like on the Administration tab, under remote access, I had WebGUI and SSH access disabled, so I'm not sure how anyone could even access my router remotely. I'm concerned that it means someone found a way to access my router. I did an IP lookup search on this IP address, and it appears this 78.128.113.150 IP address is in Bulgaria. I didn't get any more of them until maybe an hour ago when I saw the above one pop up. I immediately rebooted my router thinking it was perhaps an error or something. I check my logs every 2-3 days and had never seen this before so this is completely brand new. I had like 2 or 3 or these throughout the night from different IP addresses which seemed weird to me. I was going through my router logs this morning and noticed a few new messages I had never seen before. Posted: Sun 19:40 Post subject: Unknown dropbear login on router in log