That's quite normal. You will also see a lot of strange ICMP and DNS replies, UDP traffic and others.
The idea is that those IPs where poked even before you added them to the DNS, you just did not see them.
Get used to it and create proper firewall rules to not accept incoming connections on the router from the public and ampr-gw interfaces which you not need (usually you need none).
Marius, YO2LOJ
-----Original Message----- From: R P Sent: Tuesday, April 05, 2016 09:28 To: AMPRNet working group Subject: [44net] strange login attempts to AMPR Hosts
(Please trim inclusions from previous messages) _______________________________________________ Hi group
The mikrotik router log show me every half minute a telnet and SSH login attempt it last for hours
the strange thing is that the IP it is using was not active in the AMR DNS up to yesterday and right after i have add it to the DNS and connected the router the login attempt tried
I have traced two off the breakers and one is in Poland and other is in China
Is it common that someone try to brake our network hosts ? do you see such things at your hosts too ?
how someone discover so quick about an active host in a Whole class A network ?
What is your solution \ reaction for such a brake attempts ??
Thanks for every clarifications
Regards
Ronen - 4Z4ZQ
Ronen Pinchooks (4Z4ZQ) WebSitehttp://www.ronen.org/ www.ronen.org ronen.org (Ronen Pinchooks (4Z4ZQ) WebSite) is hosted by domainavenue.com