Hi
I was "playing" with my AMPR router yesterday.
I had an open user (on purpose) and saw that from that user a few IPs (not my own) were
logged in.
After some more research I discovered that this user was opening connections to
other hosts ....
That made me suspicious about what was going on ....
I checked one of the IPs that was connected, and a reverse lookup showed
customer.worldstream.nl coming in via SSH.
I understood something not good was happening, so I closed this user and rebooted the router (to
clear the connection),
and then I started to get a lot of connections to port 22 on my router from that host.
I had to put in a firewall rule (drop) for that address and destination port (22) (although I'm
against firewalling).
After less than 24 hours the traffic from that host stopped; the traffic (via UCSD
(encapped)) went down from 19 KBytes/sec to less than 1 KByte/sec
now. I know how to deal with the technical aspects (firewall, etc.).
What I do not understand is what the purpose is ... If it is a robot, what is the point
of flooding SSH connections? Is it brute force, or anything else? And how come
it stopped after 24 hours? It is supposed to be an endless loop if it is an automated process.
Please enlighten me on that if you have more experience than me.
Currently the router is "quiet", without unwanted users logged in and
unnecessary connections.
I see in the log here and there break-in attempts, mainly to ports 23, 22 and SIP, from various
hosts, but it is a few per minute.
Regards
Ronen - 4Z4ZQ
http://www.ronen.org
Ronen Pinchooks (4Z4ZQ)