Linux - Networking This forum is for any issue related to networks or networking.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
#1
LQ Newbie
Registered: Dec 2017
Posts: 3
Rep:
internet very slow lately, router log shows odd activity
ISP is rated to get around 2mbps and on regular days I do test at around 1.5mbps download.
But lately it has been 300-500 kbps IF I am lucky!! So miserable.
I thought it was just the ISP but now I looked at my router log and am seeing lots of suspicious activity, am I being botted? If I am, how do I stop it from impacting my speed?
Router log as follows, IP edited out for privacy:
Code:
INF 2018-03-15T23:41:23-07:00 fw,fwmon src=85.93.20.243 dst=xx.xx.xx.xx ipprot=6 sport=44488 dport=8221 Telnet Dropped
INF 2018-03-15T23:41:23-07:00 fw,fwmon src=85.93.20.243 dst=xx.xx.xx.xx ipprot=6 sport=44488 dport=8221 Telnet Dropped
INF 2018-03-15T23:40:14-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=6429 Telnet Dropped
INF 2018-03-15T23:40:14-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=6429 Telnet Dropped
INF 2018-03-15T23:40:03-07:00 fw,fwmon src=184.64.167.234 dst=xx.xx.xx.xx ipprot=6 sport=61758 dport=23 Telnet Dropped
INF 2018-03-15T23:40:03-07:00 fw,fwmon src=184.64.167.234 dst=xx.xx.xx.xx ipprot=6 sport=61758 dport=23 Telnet Dropped
INF 2018-03-15T23:38:08-07:00 fw,fwmon src=27.35.190.207 dst=xx.xx.xx.xx ipprot=6 sport=46001 dport=23 Telnet Dropped
INF 2018-03-15T23:38:08-07:00 fw,fwmon src=27.35.190.207 dst=xx.xx.xx.xx ipprot=6 sport=46001 dport=23 Telnet Dropped
INF 2018-03-15T23:37:28-07:00 fw,fwmon src=46.250.105.12 dst=xx.xx.xx.xx ipprot=6 sport=3265 dport=22 Local Session, Packet Passed
INF 2018-03-15T23:37:28-07:00 fw,fwmon src=46.250.105.12 dst=xx.xx.xx.xx ipprot=6 sport=3265 dport=22 Local Session, Packet Passed
INF 2018-03-15T23:37:27-07:00 fw,fwmon src=46.250.105.12 dst=xx.xx.xx.xx ipprot=6 sport=15402 dport=22 Local Session, Packet Passed
INF 2018-03-15T23:37:27-07:00 fw,fwmon src=46.250.105.12 dst=xx.xx.xx.xx ipprot=6 sport=15402 dport=22 Local Session, Packet Passed
INF 2018-03-15T23:34:28-07:00 fw,fwmon src=77.72.82.103 dst=xx.xx.xx.xx ipprot=6 sport=47645 dport=3410 Telnet Dropped
INF 2018-03-15T23:34:28-07:00 fw,fwmon src=77.72.82.103 dst=xx.xx.xx.xx ipprot=6 sport=47645 dport=3410 Telnet Dropped
INF 2018-03-15T23:33:47-07:00 fw,fwmon src=85.93.20.243 dst=xx.xx.xx.xx ipprot=6 sport=44488 dport=8254 Telnet Dropped
INF 2018-03-15T23:33:47-07:00 fw,fwmon src=85.93.20.243 dst=xx.xx.xx.xx ipprot=6 sport=44488 dport=8254 Telnet Dropped
INF 2018-03-15T23:33:38-07:00 fw,fwmon src=184.105.247.212 dst=xx.xx.xx.xx ipprot=17 sport=46921 dport=389 Telnet Dropped
INF 2018-03-15T23:33:38-07:00 fw,fwmon src=184.105.247.212 dst=xx.xx.xx.xx ipprot=17 sport=46921 dport=389 Telnet Dropped
INF 2018-03-15T23:32:42-07:00 fw,fwmon src=77.72.82.57 dst=xx.xx.xx.xx ipprot=6 sport=48389 dport=6744 Telnet Dropped
INF 2018-03-15T23:32:42-07:00 fw,fwmon src=77.72.82.57 dst=xx.xx.xx.xx ipprot=6 sport=48389 dport=6744 Telnet Dropped
INF 2018-03-15T23:32:00-07:00 fw,fwmon src=190.2.137.91 dst=xx.xx.xx.xx ipprot=6 sport=45943 dport=3404 Telnet Dropped
INF 2018-03-15T23:32:00-07:00 fw,fwmon src=190.2.137.91 dst=xx.xx.xx.xx ipprot=6 sport=45943 dport=3404 Telnet Dropped
INF 2018-03-15T23:28:41-07:00 fw,fwmon src=196.52.43.118 dst=xx.xx.xx.xx ipprot=6 sport=6666 dport=37777 Telnet Dropped
INF 2018-03-15T23:28:41-07:00 fw,fwmon src=196.52.43.118 dst=xx.xx.xx.xx ipprot=6 sport=6666 dport=37777 Telnet Dropped
INF 2018-03-15T23:28:11-07:00 fw,fwmon src=194.132.236.159 dst=xx.xx.xx.xx ipprot=6 sport=36666 dport=23 Telnet Dropped
INF 2018-03-15T23:28:11-07:00 fw,fwmon src=194.132.236.159 dst=xx.xx.xx.xx ipprot=6 sport=36666 dport=23 Telnet Dropped
INF 2018-03-15T23:26:44-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52438 dport=2775 Telnet Dropped
INF 2018-03-15T23:26:44-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52438 dport=2775 Telnet Dropped
INF 2018-03-15T23:26:04-07:00 fw,fwmon src=126.4.97.32 dst=xx.xx.xx.xx ipprot=6 sport=28099 dport=23 Telnet Dropped
INF 2018-03-15T23:26:04-07:00 fw,fwmon src=126.4.97.32 dst=xx.xx.xx.xx ipprot=6 sport=28099 dport=23 Telnet Dropped
INF 2018-03-15T23:25:57-07:00 fw,fwmon src=184.105.247.238 dst=xx.xx.xx.xx ipprot=6 sport=49381 dport=50075 Telnet Dropped
INF 2018-03-15T23:25:57-07:00 fw,fwmon src=184.105.247.238 dst=xx.xx.xx.xx ipprot=6 sport=49381 dport=50075 Telnet Dropped
INF 2018-03-15T23:25:31-07:00 fw,fwmon src=61.146.209.131 dst=xx.xx.xx.xx ipprot=6 sport=42761 dport=2497 Telnet Dropped
INF 2018-03-15T23:25:31-07:00 fw,fwmon src=61.146.209.131 dst=xx.xx.xx.xx ipprot=6 sport=42761 dport=2497 Telnet Dropped
INF 2018-03-15T23:25:21-07:00 fw,fwmon src=179.99.91.192 dst=xx.xx.xx.xx ipprot=6 sport=20592 dport=23 Telnet Dropped
INF 2018-03-15T23:25:21-07:00 fw,fwmon src=179.99.91.192 dst=xx.xx.xx.xx ipprot=6 sport=20592 dport=23 Telnet Dropped
INF 2018-03-15T23:22:56-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=7648 Telnet Dropped
INF 2018-03-15T23:22:56-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=7648 Telnet Dropped
INF 2018-03-15T23:22:30-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52438 dport=2761 Telnet Dropped
INF 2018-03-15T23:22:30-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52438 dport=2761 Telnet Dropped
INF 2018-03-15T23:22:29-07:00 fw,fwmon src=114.156.92.231 dst=xx.xx.xx.xx ipprot=6 sport=39830 dport=23 Telnet Dropped
INF 2018-03-15T23:22:29-07:00 fw,fwmon src=114.156.92.231 dst=xx.xx.xx.xx ipprot=6 sport=39830 dport=23 Telnet Dropped
INF 2018-03-15T23:22:12-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52458 dport=7752 Telnet Dropped
INF 2018-03-15T23:22:12-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52458 dport=7752 Telnet Dropped
INF 2018-03-15T23:22:05-07:00 fw,fwmon src=209.126.136.2 dst=xx.xx.xx.xx ipprot=17 sport=50392 dport=53 Telnet Dropped
INF 2018-03-15T23:22:05-07:00 fw,fwmon src=209.126.136.2 dst=xx.xx.xx.xx ipprot=17 sport=50392 dport=53 Telnet Dropped
INF 2018-03-15T23:21:21-07:00 fw,fwmon src=92.53.90.165 dst=xx.xx.xx.xx ipprot=6 sport=60000 dport=43389 Telnet Dropped
INF 2018-03-15T23:21:21-07:00 fw,fwmon src=92.53.90.165 dst=xx.xx.xx.xx ipprot=6 sport=60000 dport=43389 Telnet Dropped
INF 2018-03-15T23:20:14-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=7069 Telnet Dropped
INF 2018-03-15T23:20:14-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=7069 Telnet Dropped
INF 2018-03-15T23:19:31-07:00 fw,fwmon src=77.72.82.80 dst=xx.xx.xx.xx ipprot=6 sport=42907 dport=8340 Telnet Dropped
INF 2018-03-15T23:19:31-07:00 fw,fwmon src=77.72.82.80 dst=xx.xx.xx.xx ipprot=6 sport=42907 dport=8340 Telnet Dropped
INF 2018-03-15T23:17:00-07:00 fw,fwmon src=213.248.181.9 dst=xx.xx.xx.xx ipprot=6 sport=45638 dport=3391 Telnet Dropped
INF 2018-03-15T23:17:00-07:00 fw,fwmon src=213.248.181.9 dst=xx.xx.xx.xx ipprot=6 sport=45638 dport=3391 Telnet Dropped
INF 2018-03-15T23:15:01-07:00 fw,fwmon src=14.20.180.67 dst=xx.xx.xx.xx ipprot=6 sport=41217 dport=1433 Telnet Dropped
INF 2018-03-15T23:15:01-07:00 fw,fwmon src=14.20.180.67 dst=xx.xx.xx.xx ipprot=6 sport=41217 dport=1433 Telnet Dropped
INF 2018-03-15T23:14:38-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=9776 Telnet Dropped
INF 2018-03-15T23:14:38-07:00 fw,fwmon src=89.248.174.45 dst=xx.xx.xx.xx ipprot=6 sport=54371 dport=9776 Telnet Dropped
INF 2018-03-15T23:14:29-07:00 fw,fwmon src=109.248.9.4 dst=xx.xx.xx.xx ipprot=6 sport=59337 dport=54 Telnet Dropped
INF 2018-03-15T23:14:29-07:00 fw,fwmon src=109.248.9.4 dst=xx.xx.xx.xx ipprot=6 sport=59337 dport=54 Telnet Dropped
INF 2018-03-15T23:12:40-07:00 fw,fwmon src=185.216.140.37 dst=xx.xx.xx.xx ipprot=6 sport=36160 dport=10010 Telnet Dropped
INF 2018-03-15T23:12:40-07:00 fw,fwmon src=185.216.140.37 dst=xx.xx.xx.xx ipprot=6 sport=36160 dport=10010 Telnet Dropped
INF 2018-03-15T23:12:16-07:00 fw,fwmon src=85.93.20.243 dst=xx.xx.xx.xx ipprot=6 sport=44488 dport=8223 Telnet Dropped
INF 2018-03-15T23:12:16-07:00 fw,fwmon src=85.93.20.243 dst=xx.xx.xx.xx ipprot=6 sport=44488 dport=8223 Telnet Dropped
INF 2018-03-15T23:11:20-07:00 fw,fwmon src=185.143.223.201 dst=xx.xx.xx.xx ipprot=6 sport=59828 dport=12281 Telnet Dropped
INF 2018-03-15T23:11:20-07:00 fw,fwmon src=185.143.223.201 dst=xx.xx.xx.xx ipprot=6 sport=59828 dport=12281 Telnet Dropped
INF 2018-03-15T23:10:28-07:00 fw,fwmon src=210.79.117.150 dst=xx.xx.xx.xx ipprot=6 sport=59447 dport=1433 Telnet Dropped
INF 2018-03-15T23:10:28-07:00 fw,fwmon src=210.79.117.150 dst=xx.xx.xx.xx ipprot=6 sport=59447 dport=1433 Telnet Dropped
INF 2018-03-15T23:10:24-07:00 fw,fwmon src=23.98.158.114 dst=xx.xx.xx.xx ipprot=6 sport=47422 dport=34201 Telnet Dropped
INF 2018-03-15T23:10:24-07:00 fw,fwmon src=23.98.158.114 dst=xx.xx.xx.xx ipprot=6 sport=47422 dport=34201 Telnet Dropped
INF 2018-03-15T23:09:01-07:00 fw,fwmon src=41.232.147.0 dst=xx.xx.xx.xx ipprot=6 sport=45988 dport=22 Local Session, Packet Passed
INF 2018-03-15T23:09:01-07:00 fw,fwmon src=41.232.147.0 dst=xx.xx.xx.xx ipprot=6 sport=41972 dport=22 Local Session, Packet Passed
INF 2018-03-15T23:06:02-07:00 fw,fwmon src=106.75.151.101 dst=xx.xx.xx.xx ipprot=6 sport=41661 dport=3389 Telnet Dropped
INF 2018-03-15T23:05:31-07:00 fw,fwmon src=77.72.82.103 dst=xx.xx.xx.xx ipprot=6 sport=47645 dport=3371 Telnet Dropped
INF 2018-03-15T23:05:31-07:00 fw,fwmon src=49.142.198.147 dst=xx.xx.xx.xx ipprot=6 sport=46115 dport=23 Telnet Dropped
INF 2018-03-15T23:05:25-07:00 fw,fwmon src=185.153.197.55 dst=xx.xx.xx.xx ipprot=6 sport=41243 dport=9736 Telnet Dropped
INF 2018-03-15T23:04:43-07:00 fw,fwmon src=209.126.136.4 dst=xx.xx.xx.xx ipprot=6 sport=48921 dport=21 Telnet Dropped
INF 2018-03-15T23:02:24-07:00 fw,fwmon src=185.143.223.125 dst=xx.xx.xx.xx ipprot=6 sport=53874 dport=3355 Telnet Dropped
INF 2018-03-15T23:02:11-07:00 fw,fwmon src=183.131.83.112 dst=xx.xx.xx.xx ipprot=6 sport=6000 dport=8181 Telnet Dropped
INF 2018-03-15T23:01:10-07:00 fw,fwmon src=150.242.235.73 dst=xx.xx.xx.xx ipprot=6 sport=58663 dport=1433 Telnet Dropped
INF 2018-03-15T22:59:20-07:00 fw,fwmon src=180.141.248.82 dst=xx.xx.xx.xx ipprot=6 sport=58284 dport=23 Telnet Dropped
INF 2018-03-15T22:59:04-07:00 fw,fwmon src=153.125.118.221 dst=xx.xx.xx.xx ipprot=6 sport=62160 dport=23 Telnet Dropped
INF 2018-03-15T22:58:51-07:00 fw,fwmon src=77.72.82.125 dst=xx.xx.xx.xx ipprot=6 sport=52794 dport=7833 Telnet Dropped
INF 2018-03-15T22:57:15-07:00 fw,fwmon src=199.180.119.72 dst=xx.xx.xx.xx ipprot=6 sport=39976 dport=3307 Telnet Dropped
INF 2018-03-15T22:57:09-07:00 fw,fwmon src=5.188.11.89 dst=xx.xx.xx.xx ipprot=6 sport=42678 dport=15180 Telnet Dropped
INF 2018-03-15T22:55:03-07:00 fw,fwmon src=200.158.243.41 dst=xx.xx.xx.xx ipprot=6 sport=61518 dport=23 Telnet Dropped
INF 2018-03-15T22:54:33-07:00 fw,fwmon src=219.140.15.98 dst=xx.xx.xx.xx ipprot=6 sport=40446 dport=1433 Telnet Dropped
INF 2018-03-15T22:54:32-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52458 dport=7754 Telnet Dropped
INF 2018-03-15T22:53:36-07:00 fw,fwmon src=5.188.11.25 dst=xx.xx.xx.xx ipprot=6 sport=43140 dport=21576 Telnet Dropped
INF 2018-03-15T22:53:06-07:00 fw,fwmon src=181.214.87.12 dst=xx.xx.xx.xx ipprot=6 sport=52458 dport=7744 Telnet Dropped
INF 2018-03-15T22:50:49-07:00 fw,fwmon src=196.52.43.55 dst=xx.xx.xx.xx ipprot=6 sport=19698 dport=502 Telnet Dropped
INF 2018-03-15T22:50:47-07:00 fw,fwmon src=195.154.50.56 dst=xx.xx.xx.xx ipprot=17 sport=4044 dport=5060 Telnet Dropped
INF 2018-03-15T22:50:31-07:00 fw,fwmon src=182.106.129.1 dst=xx.xx.xx.xx ipprot=6 sport=26938 dport=22 Local Session, Packet Passed
INF 2018-03-15T22:50:04-07:00 fw,fwmon src=77.72.82.57 dst=xx.xx.xx.xx ipprot=6 sport=48389 dport=6741 Telnet Dropped
INF 2018-03-15T22:49:22-07:00 fw,fwmon src=219.230.66.255 dst=xx.xx.xx.xx ipprot=6 sport=59047 dport=1433 Telnet Dropped
INF 2018-03-15T22:48:20-07:00 fw,fwmon src=184.105.247.219 dst=xx.xx.xx.xx ipprot=17 sport=17930 dport=5351 Telnet Dropped
INF 2018-03-15T22:48:03-07:00 fw,fwmon src=5.188.11.63 dst=xx.xx.xx.xx ipprot=6 sport=57471 dport=5060 Telnet Dropped
INF 2018-03-15T22:45:52-07:00 fw,fwmon src=185.153.198.247 dst=xx.xx.xx.xx ipprot=6 sport=42407 dport=8300 Telnet Dropped
INF 2018-03-15T22:44:33-07:00 fw,fwmon src=77.72.82.11 dst=xx.xx.xx.xx ipprot=6 sport=53594 dport=64246 Telnet Dropped
INF 2018-03-15T22:43:16-07:00 fw,fwmon src=5.188.11.89 dst=xx.xx.xx.xx ipprot=6 sport=42678 dport=15260 Telnet Dropped
INF 2018-03-15T22:42:00-07:00 fw,fwmon src=77.72.82.92 dst=xx.xx.xx.xx ipprot=6 sport=43124 dport=12121 Telnet Dropped
I just googled one of the IPs and results identify it as a "banned hacker ip" :\
Please help, thank you.
#2
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Rep:
Probing via masscan or udp using nmap maybe?
#3
LQ Newbie
Registered: Dec 2017
Posts: 3
Original Poster
Rep:
Seems the activity comes and goes. There will be a 1 hour solid block of those telnet attempts, then few hours nothing, then more attempts.
All times are GMT -5. The time now is 01:00 AM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
