When I did "ps -ef' today I found this. Is someone trying to break in?

root 2619 819 0 13:53 ? 00:00:00 in.telnetd: 85.105.131.63.static.ttnet.com.tr
root 2630 2619 0 13:53 ? 00:00:00 [login] <defunct>
root 3041 3039 0 14:08 pts/33 00:00:00 /bin/login -h abts-north-dynamic-041.68.162.122.airtelbroadband.in -p
root 3044 819 0 14:09 ? 00:00:00 in.telnetd: nsg-static-042.157.72.182.airtel.in
root 3045 3044 0 14:09 pts/7 00:00:00 /bin/login -h nsg-static-042.157.72.182.airtel.in -p
root 3048 819 0 14:09 ? 00:00:00 in.telnetd: 122-116-117-64.hinet-ip.hinet.net
root 3049 3048 0 14:09 pts/12 00:00:00 /bin/login -h 122-116-117-64.hinet-ip.hinet.net -p
root 3052 819 0 14:09 ? 00:00:00 in.telnetd: 219-85-63-81-adsl-tpe.static.so-net.net.tw
root 3053 3052 0 14:09 pts/27 00:00:00 /bin/login -h 219-85-63-81-adsl-tpe.static.so-net.net.tw -p
root 3054 819 0 14:09 ? 00:00:00 in.telnetd: abts-north-dynamic-041.68.162.122.airtelbroadband.in
root 3055 3054 0 14:09 pts/28 00:00:00 /bin/login -h abts-north-dynamic-041.68.162.122.airtelbroadband.in -p

Probably just random port scans, as they come from many different ip addresses. Port scans are a fact of internet life.

If you are concerned, in addition to having a firewall, install fail2ban.

telnetd?

Indeed the machine shouldn't offer a service like telnetd in the first place and exposing it to the Internet without ACL on top of that is completely contrary to all Best Practices. Disable telnetd then audit the machine for any other services that should not be running, are running without ACLs or any anomalies in login records, binaries, libraries and configuration files.

Thank you for the advice.