Cisco 1941 External login: Is this a problem?

ManIDE661
Level 1

Good Morning.

 

I have tried to investigate unauthorized access attempts into my router but can't conclude if I have a problem.

 

Below is my log of the access attempts.

Of interest are the 3 "permitted tcp" messages. These look like external access attempts, but I am not exactly sure what access has been gained. Can someone please explain whether these 3 messages mean my router has been hacked?

 

Some ACLs seem to have been added automatically, as I don't remember adding ACL 40. Can this be removed?

 


*May 22 03:06:39.755: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 183.249.121.172(23665) -> {My.IP}(23), 1 packet
*May 22 03:06:49.695: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 114.40.65.150(56897) -> {My.IP}(23), 1 packet
*May 22 03:17:30.887: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 31.163.186.247(3188) -> {My.IP}(23), 1 packet
*May 22 03:32:53.511: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 123.0.193.181(38015) -> {My.IP}(23), 1 packet
*May 22 03:42:38.735: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 37.139.99.58(6372) -> {My.IP}(23), 1 packet
*May 22 03:46:52.043: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 125.195.9.109(25690) -> {My.IP}(23), 1 packet
*May 22 03:50:18.419: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 60.19.206.195(32350) -> {My.IP}(23), 1 packet
*May 22 03:50:34.047: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 61.109.243.91(61531) -> {My.IP}(23), 1 packet
*May 22 04:18:09.247: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 5.251.16.114(50575) -> {My.IP}(23), 1 packet
*May 22 04:18:48.559: %SEC-6-IPACCESSLOGP: list sl_def_acl permitted tcp 183.136.225.44(33102) -> {My.IP}(9003), 1 packet
*May 22 04:18:56.751: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 223.204.66.139(34129) -> {My.IP}(23), 1 packet
*May 22 04:24:35.579: %SEC-6-IPACCESSLOGP: list sl_def_acl permitted tcp 183.136.225.44(25835) -> {My.IP}(9003), 2 packets
*May 22 04:25:01.327: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 103.219.40.59(20787) -> {My.IP}(23), 1 packet
*May 22 04:26:00.951: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 221.221.231.124(20682) -> {My.IP}(23), 1 packet
*May 22 04:35:03.015: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 34.203.246.113(37698) -> {My.IP}(23), 1 packet
*May 22 04:42:02.283: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 61.109.243.91(61531) -> {My.IP}(23), 1 packet

User Access Verification

Username: TheBigCheese
Password:

Cisco1941>
*May 22 04:45:23.351: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: TheBigCheese] [Source: UNKNOWN] [localport: 0] at 04:45:23 UTC Fri May 22 2020en
Cisco1941#sh access-list
Extended IP access list 197
10 permit icmp any host {MyIPS-DNS.IP} (116 matches)
Extended IP access list 198
10 permit ip any any (14822 matches)
Extended IP access list sl_def_acl
10 deny tcp any any eq telnet log (22 matches)
20 deny tcp any any eq www log
30 deny tcp any any eq 22 log (7 matches)
40 permit ip any any log (3 matches)
Cisco1941#
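
For triaging messages like the ones in the post above, this added example (not part of the original post) tallies %SEC-6-IPACCESSLOGP lines by ACL, action and destination port, and sums the logged packet counts so they can be compared with the per-entry match counters shown by sh access-list. A "permitted" message records that a packet matched a permit entry carrying the log keyword; it is not a login record. The sample lines are constructed with documentation addresses, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the same %SEC-6-IPACCESSLOGP format as the post;
# addresses are documentation ranges, not values taken from the post.
SAMPLE = """\
*May 22 03:06:39.755: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 192.0.2.10(23665) -> 203.0.113.1(23), 1 packet
*May 22 04:18:48.559: %SEC-6-IPACCESSLOGP: list sl_def_acl permitted tcp 198.51.100.7(33102) -> 203.0.113.1(9003), 1 packet
*May 22 04:18:56.751: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 192.0.2.55(34129) -> 203.0.113.1(23), 1 packet
*May 22 04:24:35.579: %SEC-6-IPACCESSLOGP: list sl_def_acl permitted tcp 198.51.100.7(25835) -> 203.0.113.1(9003), 2 packets
*May 22 04:30:00.000: %SEC-6-IPACCESSLOGP: list sl_def_acl denied tcp 192.0.2.10(40000) -> 203.0.113.1(22), 1 packet
*May 22 04:45:23.351: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: example] [Source: UNKNOWN] [localport: 0]
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[^\s(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[^\s(]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def parse(log_text):
    """Yield one dict per ACL log message; other syslog lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "pkts"):
                rec[key] = int(rec[key])
            yield rec

def summarize(log_text):
    """Return {(acl, action, dport): {"packets": n, "sources": set}}."""
    summary = defaultdict(lambda: {"packets": 0, "sources": set()})
    for rec in parse(log_text):
        bucket = summary[(rec["acl"], rec["action"], rec["dport"])]
        bucket["packets"] += rec["pkts"]
        bucket["sources"].add(rec["src"])
    return dict(summary)

def permitted_packets(log_text, acl):
    """Packets logged as permitted by one ACL, to compare with its match counters."""
    return sum(r["pkts"] for r in parse(log_text) if r["acl"] == acl and r["action"] == "permitted")

if __name__ == "__main__":
    for (acl, action, dport), info in sorted(summarize(SAMPLE).items()):
        print(f"{acl:12} {action:9} dport={dport:<5} packets={info['packets']} sources={sorted(info['sources'])}")
    print("permitted by sl_def_acl:", permitted_packets(SAMPLE, "sl_def_acl"))
```

The destination field is matched as any non-space token, so lines with a redacted address such as {My.IP} parse as well.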
