Think someone is trying to hack me ?

[Fontie]

Noticed below in logs 183.60.48.25 is from China looks like he/she is trying to get into my USB drive attached to my N66U its repeated about 15 times a day. Should I be worried.

Jun 20 00:09:54 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 30 secs
Jun 20 00:36:25 sd-idle-2.6[241]: spinning up /dev/sda after 26 mins 31 secs
Jun 20 00:56:25 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins
Jun 20 03:10:40 miniupnpd[600]: remove port mapping 3659 UDP because it has expired
Jun 20 05:09:31 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 13 mins 6 secs
Jun 20 05:29:31 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins
Jun 20 09:55:07 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 25 mins 36 secs
Jun 20 09:55:12 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 20 10:15:38 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 31 secs
Jun 20 14:54:14 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 38 mins 36 secs
Jun 20 14:54:16 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 20 15:14:44 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 30 secs
Jun 20 17:54:18 sd-idle-2.6[241]: spinning up /dev/sda after 2 hours 39 mins 34 secs
Jun 20 18:15:49 sd-idle-2.6[241]: spinning down /dev/sda after 21 mins 31 secs
Jun 20 19:46:21 sd-idle-2.6[241]: spinning up /dev/sda after 1 hours 30 mins 32 secs
Jun 20 20:06:51 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 30 secs
Jun 21 00:40:27 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 33 mins 36 secs
Jun 21 01:00:28 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 1 secs
Jun 21 05:05:21 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 21 05:05:24 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 21 05:05:33 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 5 mins 5 secs
Jun 21 05:25:34 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 1 secs
Jun 20 00:09:54 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 30 secs
Jun 20 00:36:25 sd-idle-2.6[241]: spinning up /dev/sda after 26 mins 31 secs
Jun 20 00:56:25 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins
Jun 20 03:10:40 miniupnpd[600]: remove port mapping 3659 UDP because it has expired
Jun 20 05:09:31 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 13 mins 6 secs
Jun 20 05:29:31 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins
Jun 20 09:55:07 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 25 mins 36 secs
Jun 20 09:55:12 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 20 10:15:38 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 31 secs
Jun 20 14:54:14 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 38 mins 36 secs
Jun 20 14:54:16 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 20 15:14:44 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 30 secs
Jun 20 17:54:18 sd-idle-2.6[241]: spinning up /dev/sda after 2 hours 39 mins 34 secs
Jun 20 18:15:49 sd-idle-2.6[241]: spinning down /dev/sda after 21 mins 31 secs
Jun 20 19:46:21 sd-idle-2.6[241]: spinning up /dev/sda after 1 hours 30 mins 32 secs
Jun 20 20:06:51 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 30 secs
Jun 21 00:40:27 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 33 mins 36 secs
Jun 21 01:00:28 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 1 secs
Jun 21 05:05:21 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 21 05:05:24 kernel: usb 1-1.2: reset high speed USB device using ehci_hcd and address 3
Jun 21 05:05:33 sd-idle-2.6[241]: spinning up /dev/sda after 4 hours 5 mins 5 secs
Jun 21 05:25:34 sd-idle-2.6[241]: spinning down /dev/sda after 20 mins 1 secs
Jun 21 06:55:08 pptpd[1536]: CTRL: Client 183.60.48.25 control connection started
Jun 21 06:55:08 pptpd[1536]: CTRL: EOF or bad error reading ctrl packet length.
Jun 21 06:55:08 pptpd[1536]: CTRL: couldn't read packet header (exit)
Jun 21 06:55:08 pptpd[1536]: CTRL: CTRL read failed
Jun 21 06:55:08 pptpd[1536]: CTRL: Client 183.60.48.25 control connection finished

 

[octopus]

No you shouldn't.
I have seen this aswell but after I have updated to latest build with updated SSH and OpenVpn regarding hartblead all that have dissapered. Do you have PPTP server on?

I use to have a script to block that kind of scan attacks but haven't seen any attack lately.

 

[ColinTaylor]

I don't think the two things are connected. The attempt to connect from China only lasts a second and doesn't succeed so there's no way it can be effecting your USB drive.

There must be something else on the router or on your LAN that is attempting to access the USB drive. Are you sharing the contents of the drive with the media server or SAMBA for example? Do you put your traffic monitoring history on it?

BTW, I also see the same connection attempt once every 2 days from exactly the same IP address.